ID OPENVAS:1361412562310840663 Type openvas Reporter Copyright (c) 2011 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
Ubuntu Update for Linux kernel vulnerabilities USN-1133-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1133_1.nasl 14132 2019-03-13 09:25:59Z cfischer $
#
# Ubuntu Update for linux USN-1133-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata section: when `description` is true, only the script_* registrations
# below run and the script leaves via exit(0) before any package check.
if(description)
{
# Vendor advisory (USN-1133-1) that this check is derived from.
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-1133-1/");
script_oid("1.3.6.1.4.1.25623.1.0.840663");
script_version("$Revision: 14132 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2011-06-03 09:20:26 +0200 (Fri, 03 Jun 2011)");
# NOTE(review): this score/vector is network-reachable and availability-only
# (AV:N ... C:N/I:N/A:C), while the insight text below describes local attackers
# and possible root privilege gain (CVE-2010-4527, CVE-2011-0521). Confirm the
# value reflects the most severe CVE in script_cve_id before using it to rank findings.
script_tag(name:"cvss_base", value:"7.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_xref(name:"USN", value:"1133-1");
script_cve_id("CVE-2010-4342", "CVE-2010-4527", "CVE-2010-4529", "CVE-2011-0521", "CVE-2011-0711");
script_name("Ubuntu Update for linux USN-1133-1");
# ACT_GATHER_INFO: registered as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
# Presumably gather-package-list.nasl populates the ssh/login/* keys required
# below from an authenticated SSH login -- verify against that script.
script_dependencies("gather-package-list.nasl");
# The `re:` pattern restricts the check to hosts whose recorded release is
# Ubuntu 8.04 LTS; the other two keys must also be present.
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU8\.04 LTS");
script_tag(name:"summary", value:"Ubuntu Update for Linux kernel vulnerabilities USN-1133-1");
script_tag(name:"affected", value:"linux on Ubuntu 8.04 LTS");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
# Per-CVE summary text copied from the advisory; it is emitted as report data,
# so it is left exactly as written.
script_tag(name:"insight", value:"Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)
Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges. (CVE-2010-4527)
Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
Dan Carpenter discovered that the TTPCI DVB driver did not check certain
values during an ioctl. If the dvb-ttpci module was loaded, a local
attacker could exploit this to crash the system, leading to a denial of
service, or possibly gain root privileges. (CVE-2011-0521)
Dan Rosenberg discovered that XFS did not correctly initialize memory. A
local attacker could make crafted ioctl calls to leak portions of kernel
stack memory, leading to a loss of privacy. (CVE-2011-0711)");
# qod_type "package": the result rests on package-version data rather than on
# probing the running kernel (the check code below only calls isdpkgvuln()).
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Stop here in description mode; the host checks below must not run.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Host check for USN-1133-1: test each Ubuntu 8.04 LTS kernel image flavour
# against the fixed version and report the first package that is flagged.
#
# Caveats for whoever triages the result:
#  - The check stops at the first flagged package (exit(0) right after
#    security_message), so a host with several affected kernel flavours
#    installed is reported for only one of them.
#  - Only package versions are compared. The advisory states that a reboot is
#    needed after the update, so a clean result does not show that the
#    running kernel is the fixed one.
release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "UBUNTU8.04 LTS")
{
  # Fixed version, identical for every flavour listed in the advisory.
  fixed_ver = "2.6.24-29.89";

  # Kernel image packages, in the same order the individual checks ran before.
  kernel_pkgs = make_list(
    "linux-image-2.6.24-29-386",
    "linux-image-2.6.24-29-generic",
    "linux-image-2.6.24-29-hppa32",
    "linux-image-2.6.24-29-hppa64",
    "linux-image-2.6.24-29-itanium",
    "linux-image-2.6.24-29-lpia",
    "linux-image-2.6.24-29-lpiacompat",
    "linux-image-2.6.24-29-mckinley",
    "linux-image-2.6.24-29-openvz",
    "linux-image-2.6.24-29-powerpc",
    "linux-image-2.6.24-29-powerpc-smp",
    "linux-image-2.6.24-29-powerpc64-smp",
    "linux-image-2.6.24-29-rt",
    "linux-image-2.6.24-29-server",
    "linux-image-2.6.24-29-sparc64",
    "linux-image-2.6.24-29-sparc64-smp",
    "linux-image-2.6.24-29-virtual",
    "linux-image-2.6.24-29-xen"
  );

  foreach kernel_pkg (kernel_pkgs)
  {
    # isdpkgvuln() comes from pkg-lib-deb.inc (not shown here); a non-NULL
    # return is used as the report text -- presumably it means the installed
    # version is older than fixed_ver; verify against the library.
    res = isdpkgvuln(pkg:kernel_pkg, ver:fixed_ver, rls:"UBUNTU8.04 LTS");
    if(res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not assigned in this file; presumably the package library
  # sets it when a listed package was found installed, in which case exit(99)
  # distinguishes "installed and not flagged" from "nothing to check".
  if (__pkg_match) exit(99);
  exit(0);
}
{"id": "OPENVAS:1361412562310840663", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for linux USN-1133-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1133-1", "published": "2011-06-03T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840663", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-1133-1/", "1133-1"], "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2010-4527", "CVE-2011-0711", "CVE-2010-4342"], "lastseen": "2020-08-13T20:26:54", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11588", "SECURITYVULNS:VULN:11394", "SECURITYVULNS:DOC:26447", "SECURITYVULNS:DOC:26397", "SECURITYVULNS:DOC:26323", "SECURITYVULNS:DOC:25594"]}, {"type": "nessus", "idList": ["SUSE_KERNEL-7381.NASL", "UBUNTU_USN-1133-1.NASL", "UBUNTU_USN-1164-1.NASL", "SUSE_11_KERNEL-110228.NASL", "REDHAT-RHSA-2011-0263.NASL", "SUSE_KERNEL-7384.NASL", "SL_20110216_KERNEL_ON_SL4_X.NASL", "ORACLELINUX_ELSA-2011-0263.NASL", "DEBIAN_DSA-2153.NASL", "UBUNTU_USN-1111-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:68992", "OPENVAS:840671", "OPENVAS:1361412562310870396", "OPENVAS:1361412562310840671", "OPENVAS:1361412562310840693", "OPENVAS:840663", "OPENVAS:136141256231068992", "OPENVAS:1361412562310840638", "OPENVAS:840638", "OPENVAS:870396"]}, {"type": "ubuntu", "idList": ["USN-1133-1", "USN-1119-1", "USN-1187-1", "USN-1081-1", "USN-1141-1", "USN-1111-1", "USN-1164-1"]}, {"type": "cve", "idList": ["CVE-2010-4527", "CVE-2011-0521", "CVE-2010-4342", "CVE-2010-4529", "CVE-2011-0711"]}, {"type": "redhat", "idList": ["RHSA-2011:0429", "RHSA-2011:0263", "RHSA-2011:0439"]}, {"type": "suse", "idList": ["SUSE-SA:2011:012", "SUSE-SA:2011:017", "SUSE-SA:2011:020", "SUSE-SA:2011:015", "SUSE-SA:2011:008", 
"SUSE-SA:2011:021"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2153-1:FDD6A"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-2014", "ELSA-2011-0263", "ELSA-2011-0429"]}, {"type": "centos", "idList": ["CESA-2011:0429"]}], "modified": "2020-08-13T20:26:54", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2020-08-13T20:26:54", "rev": 2}, "vulnersScore": 7.3}, "pluginID": "1361412562310840663", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1133_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1133-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1133-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840663\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-03 09:20:26 +0200 (Fri, 03 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1133-1\");\n script_cve_id(\"CVE-2010-4342\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2011-0521\", \"CVE-2011-0711\");\n script_name(\"Ubuntu Update for linux USN-1133-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1133-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. 
(CVE-2010-4342)\n\n Dan Rosenberg discovered that the OSS subsystem did not handle name\n termination correctly. A local attacker could exploit this crash the system\n or gain root privileges. (CVE-2010-4527)\n\n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n\n Dan Rosenberg discovered that XFS did not correctly initialize memory. A\n local attacker could make crafted ioctl calls to leak portions of kernel\n stack memory, leading to a loss of privacy. (CVE-2011-0711)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.89\", 
rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"securityvulns": [{"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2010-4527", "CVE-2011-0711", "CVE-2010-4342"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1133-1\r\nMay 24, 2011\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its\r\nderivatives:\r\n\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nMultiple flaws in the Linux kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nNelson Elhage discovered that Econet did not correctly handle AUN\r\npackets\r\nover UDP. A local attacker could send specially crafted traffic to\r\ncrash\r\nthe system, leading to a denial of service. (CVE-2010-4342)\r\n\r\nDan Rosenberg discovered that the OSS subsystem did not handle name\r\ntermination correctly. A local attacker could exploit this crash the\r\nsystem\r\nor gain root privileges. (CVE-2010-4527)\r\n\r\nDan Rosenberg discovered that IRDA did not correctly check the size\r\nof\r\nbuffers. On non-x86 systems, a local attacker could exploit this to\r\nread\r\nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\r\n\r\nDan Carpenter discovered that the TTPCI DVB driver did not check\r\ncertain\r\nvalues during an ioctl. If the dvb-ttpci module was loaded, a local\r\nattacker could exploit this to crash the system, leading to a denial\r\nof\r\nservice, or possibly gain root privileges. (CVE-2011-0521)\r\n\r\nDan Rosenberg discovered that XFS did not correctly initialize\r\nmemory. A\r\nlocal attacker could make crafted ioctl calls to leak portions of\r\nkernel\r\nstack memory, leading to a loss of privacy. 
(CVE-2011-0711)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 8.04 LTS:\r\n linux-image-2.6.24-29-386 2.6.24-29.89\r\n linux-image-2.6.24-29-generic 2.6.24-29.89\r\n linux-image-2.6.24-29-hppa32 2.6.24-29.89\r\n linux-image-2.6.24-29-hppa64 2.6.24-29.89\r\n linux-image-2.6.24-29-itanium 2.6.24-29.89\r\n linux-image-2.6.24-29-lpia 2.6.24-29.89\r\n linux-image-2.6.24-29-lpiacompat 2.6.24-29.89\r\n linux-image-2.6.24-29-mckinley 2.6.24-29.89\r\n linux-image-2.6.24-29-openvz 2.6.24-29.89\r\n linux-image-2.6.24-29-powerpc 2.6.24-29.89\r\n linux-image-2.6.24-29-powerpc-smp 2.6.24-29.89\r\n linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.89\r\n linux-image-2.6.24-29-rt 2.6.24-29.89\r\n linux-image-2.6.24-29-server 2.6.24-29.89\r\n linux-image-2.6.24-29-sparc64 2.6.24-29.89\r\n linux-image-2.6.24-29-sparc64-smp 2.6.24-29.89\r\n linux-image-2.6.24-29-virtual 2.6.24-29.89\r\n linux-image-2.6.24-29-xen 2.6.24-29.89\r\n\r\nAfter a standard system update you need to reboot your computer to\r\nmake\r\nall the necessary changes.\r\n\r\nReferences:\r\n CVE-2010-4342, CVE-2010-4527, CVE-2010-4529, CVE-2011-0521,\r\n CVE-2011-0711\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.24-29.89\r\n", "edition": 1, "modified": "2011-05-25T00:00:00", "published": "2011-05-25T00:00:00", "id": "SECURITYVULNS:DOC:26397", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26397", "title": "[USN-1133-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2010-4527", "CVE-2010-4258", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-4164"], "description": 
"==========================================================================\r\nUbuntu Security Notice USN-1111-1\r\nMay 05, 2011\r\n\r\nlinux-source-2.6.15 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 6.06 LTS\r\n\r\nSummary:\r\n\r\nMultiple flaws fixed in the Linux kernel.\r\n\r\nSoftware Description:\r\n- linux-source-2.6.15: Linux kernel\r\n\r\nDetails:\r\n\r\nDan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If\r\na system was using X.25, a remote attacker could exploit this to crash the\r\nsystem, leading to a denial of service. (CVE-2010-4164)\r\n\r\nVegard Nossum discovered that memory garbage collection was not handled\r\ncorrectly for active sockets. A local attacker could exploit this to\r\nallocate all available kernel memory, leading to a denial of service.\r\n(CVE-2010-4249)\r\n\r\nNelson Elhage discovered that the kernel did not correctly handle process\r\ncleanup after triggering a recoverable kernel bug. If a local attacker were\r\nable to trigger certain kinds of kernel bugs, they could create a specially\r\ncrafted process to gain root privileges. (CVE-2010-4258)\r\n\r\nNelson Elhage discovered that Econet did not correctly handle AUN packets\r\nover UDP. A local attacker could send specially crafted traffic to crash\r\nthe system, leading to a denial of service. (CVE-2010-4342)\r\n\r\nDan Rosenberg discovered that the OSS subsystem did not handle name\r\ntermination correctly. A local attacker could exploit this crash the system\r\nor gain root privileges. (CVE-2010-4527)\r\n\r\nDan Rosenberg discovered that IRDA did not correctly check the size of\r\nbuffers. On non-x86 systems, a local attacker could exploit this to read\r\nkernel heap memory, leading to a loss of privacy. 
(CVE-2010-4529)\r\n\r\nDan Carpenter discovered that the TTPCI DVB driver did not check certain\r\nvalues during an ioctl. If the dvb-ttpci module was loaded, a local\r\nattacker could exploit this to crash the system, leading to a denial of\r\nservice, or possibly gain root privileges. (CVE-2011-0521)\r\n\r\nJens Kuehnel discovered that the InfiniBand driver contained a race\r\ncondition. On systems using InfiniBand, a local attacker could send\r\nspecially crafted requests to crash the system, leading to a denial of\r\nservice. (CVE-2011-0695)\r\n\r\nTimo Warns discovered that the LDM disk partition handling code did not\r\ncorrectly handle certain values. By inserting a specially crafted disk\r\ndevice, a local attacker could exploit this to gain root privileges.\r\n(CVE-2011-1017)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 6.06 LTS:\r\n linux-image-2.6.15-57-386 2.6.15-57.97\r\n linux-image-2.6.15-57-686 2.6.15-57.97\r\n linux-image-2.6.15-57-amd64-generic 2.6.15-57.97\r\n linux-image-2.6.15-57-amd64-k8 2.6.15-57.97\r\n linux-image-2.6.15-57-amd64-server 2.6.15-57.97\r\n linux-image-2.6.15-57-amd64-xeon 2.6.15-57.97\r\n linux-image-2.6.15-57-hppa32 2.6.15-57.97\r\n linux-image-2.6.15-57-hppa32-smp 2.6.15-57.97\r\n linux-image-2.6.15-57-hppa64 2.6.15-57.97\r\n linux-image-2.6.15-57-hppa64-smp 2.6.15-57.97\r\n linux-image-2.6.15-57-itanium 2.6.15-57.97\r\n linux-image-2.6.15-57-itanium-smp 2.6.15-57.97\r\n linux-image-2.6.15-57-k7 2.6.15-57.97\r\n linux-image-2.6.15-57-mckinley 2.6.15-57.97\r\n linux-image-2.6.15-57-mckinley-smp 2.6.15-57.97\r\n linux-image-2.6.15-57-powerpc 2.6.15-57.97\r\n linux-image-2.6.15-57-powerpc-smp 2.6.15-57.97\r\n linux-image-2.6.15-57-powerpc64-smp 2.6.15-57.97\r\n linux-image-2.6.15-57-server 2.6.15-57.97\r\n linux-image-2.6.15-57-server-bigiron 2.6.15-57.97\r\n linux-image-2.6.15-57-sparc64 2.6.15-57.97\r\n 
linux-image-2.6.15-57-sparc64-smp 2.6.15-57.97\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n CVE-2010-4164, CVE-2010-4249, CVE-2010-4258, CVE-2010-4342,\r\n CVE-2010-4527, CVE-2010-4529, CVE-2011-0521, CVE-2011-0695,\r\n CVE-2011-1017\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux-source-2.6.15/2.6.15-57.97\r\n", "edition": 1, "modified": "2011-05-08T00:00:00", "published": "2011-05-08T00:00:00", "id": "SECURITYVULNS:DOC:26323", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26323", "title": "[USN-1111-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4248", "CVE-2010-4243", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-3699", "CVE-2010-4565"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2153-1 security@debian.org\r\nhttp://www.debian.org/security/ dann frazier\r\nJanuary 30, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : linux-2.6\r\nVulnerability : privilege escalation/denial of service/information leak\r\nProblem type : local/remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 \r\n CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 \r\n CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 \r\n CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 
CVE-2010-4565 \r\n CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\r\nto a privilege escalation, denial of service or information leak. The Common\r\nVulnerabilities and Exposures project identifies the following problems:\r\n\r\nCVE-2010-0435\r\n\r\n Gleb Napatov reported an issue in the KVM subsystem that allows virtual\r\n machines to cause a denial of service of the host machine by executing mov\r\n to/from DR instructions.\r\n\r\nCVE-2010-3699\r\n\r\n Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can\r\n cause a denial of service on the host by retaining a leaked reference to a\r\n device. This can result in a zombie domain, xenwatch process hangs, and xm\r\n command failures.\r\n\r\nCVE-2010-4158\r\n\r\n Dan Rosenberg discovered an issue in the socket filters subsystem, allowing\r\n local unprivileged users to obtain the contents of sensitive kernel memory.\r\n\r\nCVE-2010-4162\r\n\r\n Dan Rosenberg discovered an overflow issue in the block I/O subsystem that\r\n allows local users to map large numbers of pages, resulting in a denial of\r\n service due to invocation of the out of memory killer.\r\n\r\nCVE-2010-4163\r\n\r\n Dan Rosenberg discovered an issue in the block I/O subsystem. Due to\r\n improper validation of iov segments, local users can trigger a kernel panic\r\n resulting in a denial of service.\r\n\r\nCVE-2010-4242\r\n\r\n Alan Cox reported an issue in the Bluetooth subsystem. Local users with\r\n sufficient permission to access HCI UART devices can cause a denial of\r\n service (NULL pointer dereference) due to a missing check for an existing\r\n tty write operation.\r\n\r\nCVE-2010-4243\r\n\r\n Brad Spengler reported a denial-of-service issue in the kernel memory\r\n accounting system. 
By passing large argv/envp values to exec, local users\r\n can cause the out of memory killer to kill processes owned by other users.\r\n\r\nCVE-2010-4248\r\n\r\n Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local\r\n users can cause a denial of service (Oops) due to incorrect assumptions\r\n about thread group leader behavior.\r\n\r\nCVE-2010-4249\r\n\r\n Vegard Nossum reported an issue with the UNIX socket garbage collector.\r\n Local users can consume all of LOWMEM and decrease system performance by\r\n overloading the system with inflight sockets.\r\n\r\nCVE-2010-4258\r\n\r\n Nelson Elhage reported an issue in Linux oops handling. Local users may be\r\n able to obtain elevated privileges if they are able to trigger an oops with\r\n a process' fs set to KERNEL_DS.\r\n\r\nCVE-2010-4342\r\n\r\n Nelson Elhage reported an issue in the econet protocol. Remote attackers can\r\n cause a denial of service by sending an Acorn Universal Networking packet\r\n over UDP.\r\n\r\nCVE-2010-4346\r\n\r\n Tavis Ormandy discovered an issue in the install_special_mapping routine\r\n which allows local users to bypass the mmap_min_addr security restriction.\r\n Combined with an otherwise low severity local denial of service\r\n vulnerability (NULL pointer dereference), a local user could obtain elevated\r\n privileges.\r\n\r\nCVE-2010-4526\r\n\r\n Eugene Teo reported a race condition in the Linux SCTP implementation.\r\n Remote users can cause a denial of service (kernel memory corruption) by\r\n transmitting an ICMP unreachable message to a locked socket.\r\n\r\nCVE-2010-4527\r\n\r\n Dan Rosenberg reported two issues in the OSS soundcard driver. 
Local users\r\n with access to the device (members of group 'audio' on default Debian\r\n installations) may contain access to sensitive kernel memory or cause a\r\n buffer overflow, potentially leading to an escalation of privileges.\r\n\r\nCVE-2010-4529\r\n\r\n Dan Rosenberg reported an issue in the Linux kernel IrDA socket\r\n implementation on non-x86 architectures. Local users may be able to gain\r\n access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES\r\n getsockopt call.\r\n\r\nCVE-2010-4565\r\n\r\n Dan Rosenberg reported an issue in the Linux CAN protocol implementation.\r\n Local users can obtain the address of a kernel heap object which might help\r\n facilitate system exploitation.\r\n\r\nCVE-2010-4649\r\n\r\n Dan Carpenter reported an issue in the uverb handling of the InfiniBand\r\n subsystem. A potential buffer overflow may allow local users to cause a\r\n denial of service (memory corruption) by passing in a large cmd.ne value.\r\n\r\nCVE-2010-4656\r\n\r\n Kees Cook reported an issue in the driver for I/O-Warrior USB devices.\r\n Local users with access to these devices maybe able to overrun kernel\r\n buffers, resulting in a denial of service or privilege escalation.\r\n\r\nCVE-2010-4668\r\n\r\n Dan Rosenberg reported an issue in the block subsystem. A local user can\r\n cause a denial of service (kernel panic) by submitting certain 0-length I/O\r\n requests.\r\n\r\nCVE-2011-0521\r\n\r\n Dan Carpenter reported an issue in the DVB driver for AV7110 cards. 
Local\r\n users can pass a negative info->num value, corrupting kernel memory and\r\n causing a denial of service.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2.6.26-26lenny2.\r\n\r\nThe following matrix lists additional source packages that were rebuilt for\r\ncompatibility with or to take advantage of this update:\r\n\r\n Debian 5.0 (lenny)\r\n user-mode-linux 2.6.26-1um-2+26lenny2\r\n\r\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\r\n\r\nNote that these updates will not become active until after your system is\r\nrebooted.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQIcBAEBCAAGBQJNRQQVAAoJEBv4PF5U/IZAH/4P/RxhngAjXnE7T6V2ReVQ7U0U\r\nqh0NKKHfEUIRmK6v4t3LkKiVTDswArOUtt3JUThs9J/TgLJjQyAIjOAQWk7Hgy6G\r\n5BNyCkndO5X2Cfl1Q69NhPljpjPD5emyqytw39Q0MyTWQf91DpXz+sgmozij52nk\r\ncR1pl7UcCzUozr5DVgNTOtuRjbgavSiuEXwpfDF9rX7+I+zkLyfs70uH3FcNvK0k\r\nfcl6rFTG25pGGHyEC9uW5VfZ/EKJn1QFlxabwACvxL/sODQtGg7obWFvxYKUSuBh\r\n7yRfsxOaZeKPco7SLG0aI4JAk7rpRgAkbpPq2/su/LtOXsP67xuus0X1O4scp+eW\r\nPojK7ESyE89GCoVCHEVqh1HjQW3OeBea0j9oLWHe4K0enswcpc2b3MzvOXf0lU53\r\nhx1QTzMGHcH19a/LDDZ5AtdP2mkxSChOFAvQMBJW0fAu4Dd/w7VxwK2znMg3UnR+\r\nuRsLlYk75jlKjlZ2Ol1E/KHmW2RP/Msn9HgWxywvMPaFoOcwZhDPUKl+H5uEhux6\r\nprHCrL70Uo/MwSp6N3u2qH2Rtkk8OK1OdefdMp+/Tn7AHu4FlbqMKI41OFOtLxME\r\nwkXSy//QGPm/pLNOsd4Jp8AtC/2UeHNv1m46GgiCGGvc7fngKIpBgQLst1pgWsjZ\r\nMC+/ZgUkQGUrY/0pi/dN\r\n=wlsd\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-02-02T00:00:00", "published": "2011-02-02T00:00:00", "id": "SECURITYVULNS:DOC:25594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25594", "title": "[SECURITY] [DSA 2153-1] linux-2.6 security update", 
"type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4165", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-3086", "CVE-2010-4169", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2011-1044", "CVE-2010-4249", "CVE-2010-4157", "CVE-2010-4342", "CVE-2010-4160", "CVE-2010-4565"], "description": "DoS via sendmsg, mprotect, setsockopt, Hypervisor/KVM etc, information leaks, privilege escalation.", "edition": 1, "modified": "2011-02-02T00:00:00", "published": "2011-02-02T00:00:00", "id": "SECURITYVULNS:VULN:11394", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11394", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-1776", "CVE-2011-0711", "CVE-2011-1577"], "description": "Buffer overflow on partition GUID parsing.", "edition": 1, "modified": "2011-05-25T00:00:00", "published": "2011-05-25T00:00:00", "id": "SECURITYVULNS:VULN:11588", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11588", "title": "Linux kernel EFI/XFS DoS", "type": "securityvulns", "cvss": {"score": 5.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2010-4263", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565"], "description": 
"==========================================================================\r\nUbuntu Security Notice USN-1141-1\r\nMay 31, 2011\r\n\r\nlinux, linux-ec2 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nMultiple kernel vulnerabilities have been fixed.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n- linux-ec2: Linux kernel for EC2\r\n\r\nDetails:\r\n\r\nBrad Spengler discovered that the kernel did not correctly account for\r\nuserspace memory allocations during exec() calls. A local attacker could\r\nexploit this to consume all system memory, leading to a denial of service.\r\n(CVE-2010-4243)\r\n\r\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did not\r\ncorrectly handle certain configurations. If such a device was configured\r\nwithout VLANs, a remote attacker could crash the system, leading to a\r\ndenial of service. (CVE-2010-4263)\r\n\r\nNelson Elhage discovered that Econet did not correctly handle AUN packets\r\nover UDP. A local attacker could send specially crafted traffic to crash\r\nthe system, leading to a denial of service. (CVE-2010-4342)\r\n\r\nDan Rosenberg discovered that IRDA did not correctly check the size of\r\nbuffers. On non-x86 systems, a local attacker could exploit this to read\r\nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\r\n\r\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses\r\ninto the /proc filesystem. A local attacker could use this to increase\r\nthe chances of a successful memory corruption exploit. (CVE-2010-4565)\r\n\r\nKees Cook discovered that the IOWarrior USB device driver did not\r\ncorrectly check certain size fields. A local attacker with physical\r\naccess could plug in a specially crafted USB device to crash the system\r\nor potentially gain root privileges. 
(CVE-2010-4656)\r\n\r\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\r\nclear memory when writing certain file holes. A local attacker could\r\nexploit this to read uninitialized data from the disk, leading to a loss\r\nof privacy. (CVE-2011-0463)\r\n\r\nDan Carpenter discovered that the TTPCI DVB driver did not check certain\r\nvalues during an ioctl. If the dvb-ttpci module was loaded, a local\r\nattacker could exploit this to crash the system, leading to a denial of\r\nservice, or possibly gain root privileges. (CVE-2011-0521)\r\n\r\nJens Kuehnel discovered that the InfiniBand driver contained a race\r\ncondition. On systems using InfiniBand, a local attacker could send\r\nspecially crafted requests to crash the system, leading to a denial of\r\nservice. (CVE-2011-0695)\r\n\r\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB\r\ndriver did not correctly validate string lengths. A local attacker with\r\nphysical access could plug in a specially crafted USB device to crash\r\nthe system or potentially gain root privileges. (CVE-2011-0712)\r\n\r\nKees Cook reported that /proc/pid/stat did not correctly filter certain\r\nmemory locations. A local attacker could determine the memory layout of\r\nprocesses in an attempt to increase the chances of a successful memory\r\ncorruption exploit. (CVE-2011-0726)\r\n\r\nTimo Warns discovered that MAC partition parsing routines did not\r\ncorrectly calculate block counts. A local attacker with physical access\r\ncould plug in a specially crafted block device to crash the system or\r\npotentially gain root privileges. (CVE-2011-1010)\r\n\r\nTimo Warns discovered that LDM partition parsing routines did not\r\ncorrectly calculate block counts. A local attacker with physical access\r\ncould plug in a specially crafted block device to crash the system, leading\r\nto a denial of service. 
(CVE-2011-1012)\r\n\r\nMatthieu Herrb discovered that the drm modeset interface did not correctly\r\nhandle a signed comparison. A local attacker could exploit this to crash\r\nthe system or possibly gain root privileges. (CVE-2011-1013)\r\n\r\nMarek Olsak discovered that the Radeon GPU drivers did not correctly\r\nvalidate certain registers. On systems with specific hardware,\r\na local attacker could exploit this to write to arbitrary video\r\nmemory. (CVE-2011-1016)\r\n\r\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not\r\nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN\r\ncapability could load existing kernel modules, possibly increasing the\r\nattack surface available on the system. (CVE-2011-1019)\r\n\r\nNelson Elhage discovered that the epoll subsystem did not correctly handle\r\ncertain structures. A local attacker could create malicious requests that\r\nwould hang the system, leading to a denial of service. (CVE-2011-1082)\r\n\r\nNelson Elhage discovered that the epoll subsystem did not correctly handle\r\ncertain structures. A local attacker could create malicious requests that\r\nwould consume large amounts of CPU, leading to a denial of service.\r\n(CVE-2011-1083)\r\n\r\nJulien Tinnes discovered that the kernel did not correctly validate\r\nthe signal structure from tkill(). A local attacker could exploit\r\nthis to send signals to arbitrary threads, possibly bypassing expected\r\nrestrictions. 
(CVE-2011-1182)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-316-ec2 2.6.32-316.31\r\n linux-image-2.6.32-32-386 2.6.32-32.62\r\n linux-image-2.6.32-32-generic 2.6.32-32.62\r\n linux-image-2.6.32-32-generic-pae 2.6.32-32.62\r\n linux-image-2.6.32-32-ia64 2.6.32-32.62\r\n linux-image-2.6.32-32-lpia 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc64-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-preempt 2.6.32-32.62\r\n linux-image-2.6.32-32-server 2.6.32-32.62\r\n linux-image-2.6.32-32-sparc64 2.6.32-32.62\r\n linux-image-2.6.32-32-sparc64-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-versatile 2.6.32-32.62\r\n linux-image-2.6.32-32-virtual 2.6.32-32.62\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. 
linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529,\r\n CVE-2010-4565, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521,\r\n CVE-2011-0695, CVE-2011-0712, CVE-2011-0726, CVE-2011-1010,\r\n CVE-2011-1012, CVE-2011-1013, CVE-2011-1016, CVE-2011-1019,\r\n CVE-2011-1082, CVE-2011-1083, CVE-2011-1182\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-32.62\r\n https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-316.31\r\n", "edition": 1, "modified": "2011-06-02T00:00:00", "published": "2011-06-02T00:00:00", "id": "SECURITYVULNS:DOC:26447", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26447", "title": "[USN-1141-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-04T11:26:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2010-4527", "CVE-2011-0711", "CVE-2010-4342"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1133-1", "modified": "2017-12-01T00:00:00", "published": "2011-06-03T00:00:00", "id": "OPENVAS:840663", "href": "http://plugins.openvas.org/nasl.php?oid=840663", "type": "openvas", "title": "Ubuntu Update for linux USN-1133-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1133_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1133-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n\n Dan Rosenberg discovered that the OSS subsystem did not handle name\n termination correctly. A local attacker could exploit this crash the system\n or gain root privileges. (CVE-2010-4527)\n \n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n \n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n \n Dan Rosenberg discovered that XFS did not correctly initialize memory. A\n local attacker could make crafted ioctl calls to leak portions of kernel\n stack memory, leading to a loss of privacy. 
(CVE-2011-0711)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1133-1\";\ntag_affected = \"linux on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1133-1/\");\n script_id(840663);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-03 09:20:26 +0200 (Fri, 03 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1133-1\");\n script_cve_id(\"CVE-2010-4342\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2011-0521\", \"CVE-2011-0711\");\n script_name(\"Ubuntu Update for linux USN-1133-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.89\", 
rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.89\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2010-4527", "CVE-2010-4258", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-4164"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1111-1", "modified": "2017-12-01T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:840638", "href": "http://plugins.openvas.org/nasl.php?oid=840638", "type": "openvas", "title": "Ubuntu Update for linux-source-2.6.15 USN-1111-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1111_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-source-2.6.15 USN-1111-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If\n a system was using X.25, a remote attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-4164)\n\n Vegard Nossum discovered that memory garbage collection was not handled\n correctly for active sockets. A local attacker could exploit this to\n allocate all available kernel memory, leading to a denial of service.\n (CVE-2010-4249)\n \n Nelson Elhage discovered that the kernel did not correctly handle process\n cleanup after triggering a recoverable kernel bug. If a local attacker were\n able to trigger certain kinds of kernel bugs, they could create a specially\n crafted process to gain root privileges. (CVE-2010-4258)\n \n Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n \n Dan Rosenberg discovered that the OSS subsystem did not handle name\n termination correctly. A local attacker could exploit this crash the system\n or gain root privileges. (CVE-2010-4527)\n \n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. 
On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n \n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n \n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n \n Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1111-1\";\ntag_affected = \"linux-source-2.6.15 on Ubuntu 6.06 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1111-1/\");\n script_id(840638);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1111-1\");\n script_cve_id(\"CVE-2010-4164\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-1017\");\n script_name(\"Ubuntu Update for linux-source-2.6.15 USN-1111-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks 
GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-386\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-686\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-amd64-generic\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-amd64-k8\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-amd64-server\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-amd64-xeon\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-hppa32\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-hppa32-smp\", 
ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-hppa64\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-hppa64-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-itanium\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-itanium-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-k7\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-mckinley\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-mckinley-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-powerpc\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-powerpc-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-powerpc64-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-server\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-server-bigiron\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-sparc64\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-sparc64-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2010-4527", "CVE-2010-4258", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-4164"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1111-1", "modified": "2019-03-13T00:00:00", "published": "2011-05-10T00:00:00", "id": "OPENVAS:1361412562310840638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840638", "type": "openvas", "title": "Ubuntu Update for linux-source-2.6.15 USN-1111-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1111_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-source-2.6.15 USN-1111-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS 
FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1111-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840638\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1111-1\");\n script_cve_id(\"CVE-2010-4164\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-1017\");\n script_name(\"Ubuntu Update for linux-source-2.6.15 USN-1111-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU6\\.06 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1111-1\");\n script_tag(name:\"affected\", value:\"linux-source-2.6.15 on Ubuntu 6.06 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. 
If\n a system was using X.25, a remote attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-4164)\n\n Vegard Nossum discovered that memory garbage collection was not handled\n correctly for active sockets. A local attacker could exploit this to\n allocate all available kernel memory, leading to a denial of service.\n (CVE-2010-4249)\n\n Nelson Elhage discovered that the kernel did not correctly handle process\n cleanup after triggering a recoverable kernel bug. If a local attacker were\n able to trigger certain kinds of kernel bugs, they could create a specially\n crafted process to gain root privileges. (CVE-2010-4258)\n\n Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n\n Dan Rosenberg discovered that the OSS subsystem did not handle name\n termination correctly. A local attacker could exploit this crash the system\n or gain root privileges. (CVE-2010-4527)\n\n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n\n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n\n Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. 
By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-386\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-686\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-amd64-generic\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-amd64-k8\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-amd64-server\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-amd64-xeon\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-hppa32\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-hppa32-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-hppa64\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.15-57-hppa64-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-itanium\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-itanium-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-k7\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-mckinley\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-mckinley-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-powerpc\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-powerpc-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-powerpc64-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-server\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-server-bigiron\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-sparc64\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.15-57-sparc64-smp\", ver:\"2.6.15-57.97\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-27T10:55:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4527", "CVE-2010-4655"], "description": "Check for the Version of Red Hat Enterprise Linux 4.9 kernel", "modified": "2017-07-12T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:870396", "href": "http://plugins.openvas.org/nasl.php?oid=870396", "type": "openvas", "title": "RedHat Update for Red Hat Enterprise Linux 4.9 kernel RHSA-2011:0263-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for Red Hat Enterprise Linux 4.9 kernel RHSA-2011:0263-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A buffer overflow flaw was found in the load_mixer_volumes() function in\n the Linux kernel's Open Sound System (OSS) sound driver. On 64-bit PowerPC\n systems, a local, unprivileged user could use this flaw to cause a denial\n of service or escalate their privileges. (CVE-2010-4527, Important)\n \n * A missing boundary check was found in the dvb_ca_ioctl() function in the\n Linux kernel's av7110 module. On systems that use old DVB cards that\n require the av7110 module, a local, unprivileged user could use this flaw\n to cause a denial of service or escalate their privileges. (CVE-2011-0521,\n Important)\n \n * A missing initialization flaw was found in the ethtool_get_regs()\n function in the Linux kernel's ethtool IOCTL handler. A local user who has\n the CAP_NET_ADMIN capability could use this flaw to cause an information\n leak. (CVE-2010-4655, Low)\n \n Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and\n Kees Cook for reporting CVE-2010-4655.\n \n These updated kernel packages also fix hundreds of bugs and add numerous\n enhancements. For details on individual bug fixes and enhancements included\n in this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes,\n linked to in the References section.\n \n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues and add these enhancements. 
The system must\n be rebooted for this update to take effect.\";\n\ntag_affected = \"Red Hat Enterprise Linux 4.9 kernel on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00021.html\");\n script_id(870396);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0263-01\");\n script_cve_id(\"CVE-2010-4527\", \"CVE-2010-4655\", \"CVE-2011-0521\");\n script_name(\"RedHat Update for Red Hat Enterprise Linux 4.9 kernel RHSA-2011:0263-01\");\n\n script_summary(\"Check for the Version of Red Hat Enterprise Linux 4.9 kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": 
"AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-13T20:25:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4527", "CVE-2010-4655"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:1361412562310870396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870396", "type": "openvas", "title": "RedHat Update for Red Hat Enterprise Linux 4.9 kernel RHSA-2011:0263-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for Red Hat Enterprise Linux 4.9 kernel RHSA-2011:0263-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870396\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0263-01\");\n script_cve_id(\"CVE-2010-4527\", \"CVE-2010-4655\", \"CVE-2011-0521\");\n script_name(\"RedHat Update for Red Hat Enterprise Linux 4.9 kernel RHSA-2011:0263-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Red Hat Enterprise Linux 4.9 kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"Red Hat Enterprise Linux 4.9 kernel on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any 
Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A buffer overflow flaw was found in the load_mixer_volumes() function in\n the Linux kernel's Open Sound System (OSS) sound driver. On 64-bit PowerPC\n systems, a local, unprivileged user could use this flaw to cause a denial\n of service or escalate their privileges. (CVE-2010-4527, Important)\n\n * A missing boundary check was found in the dvb_ca_ioctl() function in the\n Linux kernel's av7110 module. On systems that use old DVB cards that\n require the av7110 module, a local, unprivileged user could use this flaw\n to cause a denial of service or escalate their privileges. (CVE-2011-0521,\n Important)\n\n * A missing initialization flaw was found in the ethtool_get_regs()\n function in the Linux kernel's ethtool IOCTL handler. A local user who has\n the CAP_NET_ADMIN capability could use this flaw to cause an information\n leak. (CVE-2010-4655, Low)\n\n Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and\n Kees Cook for reporting CVE-2010-4655.\n\n These updated kernel packages also fix hundreds of bugs and add numerous\n enhancements. For details on individual bug fixes and enhancements included\n in this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes,\n linked to in the References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues and add these enhancements. 
The system must\n be rebooted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem\", rpm:\"kernel-hugemem~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-hugemem-devel\", rpm:\"kernel-hugemem-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-devel\", rpm:\"kernel-smp-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-devel\", rpm:\"kernel-xenU-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-largesmp\", rpm:\"kernel-largesmp~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-largesmp-devel\", rpm:\"kernel-largesmp-devel~2.6.9~100.EL\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4248", "CVE-2010-4243", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-3699", "CVE-2010-4565"], "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 2153-1.", "modified": "2017-07-07T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:68992", "href": "http://plugins.openvas.org/nasl.php?oid=68992", "type": "openvas", "title": "Debian Security Advisory DSA 2153-1 (linux-2.6)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2153_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2153-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"CVE-2010-0435\nGleb Napatov reported an issue in the KVM subsystem that allows virtual\nmachines to cause a denial of service of the host machine.\n\nCVE-2010-3699\nKeir Fraser provided a fix for an issue in the Xen subsystem.\n\nCVE-2010-4158\nDan Rosenberg discovered an issue in the socket filters subsystem.\n\nCVE-2010-4162\nDan Rosenberg discovered an overflow issue in the block I/O subsystem.\n\nCVE-2010-4163\nDan Rosenberg discovered an issue in the block I/O subsystem.\n\nCVE-2010-4242\nAlan Cox reported an issue in the Bluetooth subsystem.\n\nCVE-2010-4243\nBrad Spengler reported a denial-of-service issue in the kernel memory\naccounting system.\n\nCVE-2010-4248\nOleg Nesterov reported an issue in the POSIX CPU timers subsystem.\n\nCVE-2010-4249\nVegard Nossum reported an issue with the UNIX socket garbage collector.\n\nCVE-2010-4258\nNelson Elhage reported an issue in Linux oops handling.\n\nCVE-2010-4342\nNelson Elhage reported an issue in the econet protocol.\n\nCVE-2010-4346\nTavis Ormandy discovered an issue in the install_special_mapping routine\nwhich 
allows local users to bypass the mmap_min_addr security restriction.\n\nCVE-2010-4526\nEugene Teo reported a race condition in the Linux SCTP implementation.\n\nCVE-2010-4527\nDan Rosenberg reported two issues in the OSS soundcard driver. Local users\nwith access to the device (members of group 'audio' on default Debian\ninstallations) may obtain access to sensitive kernel memory or cause a\nbuffer overflow.\n\nCVE-2010-4529\nDan Rosenberg reported an issue in the Linux kernel IrDA socket\nimplementation on non-x86 architectures. Local users may be able to gain\naccess to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES\ngetsockopt call.\n\nCVE-2010-4565\nDan Rosenberg reported an issue in the Linux CAN protocol implementation.\nLocal users can obtain the address of a kernel heap object which might help\nfacilitate system exploitation.\n\nCVE-2010-4649\nDan Carpenter reported an issue in the uverb handling of the InfiniBand\nsubsystem. A potential buffer overflow may allow local users to cause a\ndenial of service (memory corruption) by passing in a large cmd.ne value.\n\nCVE-2010-4656\nKees Cook reported an issue in the driver for I/O-Warrior USB devices.\nLocal users with access to these devices may be able to overrun kernel\nbuffers, resulting in a denial of service or privilege escalation.\n\nCVE-2010-4668\nDan Rosenberg reported an issue in the block subsystem. A local user can\ncause a denial of service (kernel panic) by submitting certain 0-length I/O\nrequests.\n\nCVE-2011-0521\nDan Carpenter reported an issue in the DVB driver for AV7110 cards. 
Local\nusers can pass a negative info->num value, corrupting kernel memory and\ncausing a denial of service.\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny2.\";\ntag_summary = \"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 2153-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202153-1\";\n\n\nif(description)\n{\n script_id(68992);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3699\", \"CVE-2010-4158\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4242\", \"CVE-2010-4243\", \"CVE-2010-4248\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4346\", \"CVE-2010-4526\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2010-4656\", \"CVE-2010-4668\", \"CVE-2011-0521\");\n script_name(\"Debian Security Advisory DSA 2153-1 (linux-2.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"26\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-486\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-4kc-malta\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-5kc-malta\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-686\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-686-bigmem\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-alpha\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-arm\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-armel\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-hppa\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-i386\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-ia64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-mips\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-mipsel\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-s390\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-all-sparc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-alpha-generic\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-alpha-legacy\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-alpha-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-common\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-common-openvz\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-common-vserver\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-common-xen\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-footbridge\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-iop32x\", 
ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-itanium\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-ixp4xx\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-mckinley\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-openvz-686\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-openvz-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-orion5x\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-parisc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-parisc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-parisc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-parisc64-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-powerpc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-r4k-ip22\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-r5k-cobalt\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-r5k-ip32\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"26-2-s390\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-s390x\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-sb1-bcm91250a\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-sb1a-bcm91480b\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-sparc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-sparc64-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-versatile\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-686\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-686-bigmem\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-itanium\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-mckinley\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-s390x\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-vserver-sparc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"26-2-xen-686\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-xen-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2-s390-tape\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"26-2\", ver:\"2.6.26-26lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-08-04T16:12:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4248", "CVE-2010-4243", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-3699", "CVE-2010-4565"], "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 2153-1.", "modified": "2019-03-18T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:136141256231068992", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068992", "type": "openvas", "title": "Debian Security Advisory DSA 2153-1 (linux-2.6)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2153_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2153-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68992\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3699\", \"CVE-2010-4158\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4242\", \"CVE-2010-4243\", \"CVE-2010-4248\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4346\", \"CVE-2010-4526\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2010-4656\", \"CVE-2010-4668\", \"CVE-2011-0521\");\n script_name(\"Debian Security Advisory DSA 2153-1 (linux-2.6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202153-1\");\n script_tag(name:\"insight\", value:\"CVE-2010-0435\nGleb Napatov reported an issue in the KVM subsystem that allows virtual\nmachines to cause a denial of service of the host machine.\n\nCVE-2010-3699\nKeir Fraser provided a fix for an issue in the Xen subsystem.\n\nCVE-2010-4158\nDan Rosenberg discovered an issue in the socket filters subsystem.\n\nCVE-2010-4162\nDan Rosenberg discovered an overflow issue in the block I/O subsystem.\n\nCVE-2010-4163\nDan Rosenberg discovered an issue in the block I/O subsystem.\n\nCVE-2010-4242\nAlan Cox reported an issue in the Bluetooth subsystem.\n\nCVE-2010-4243\nBrad Spengler reported a denial-of-service issue in the kernel memory\naccounting system.\n\nCVE-2010-4248\nOleg Nesterov reported an issue in the POSIX CPU timers subsystem.\n\nCVE-2010-4249\nVegard Nossum reported an issue with the UNIX socket garbage collector.\n\nCVE-2010-4258\nNelson Elhage reported an issue in Linux oops handling.\n\nCVE-2010-4342\nNelson Elhage reported an issue in the econet protocol.\n\nCVE-2010-4346\nTavis Ormandy discovered an issue in the install_special_mapping routine\nwhich allows local users to bypass the mmap_min_addr security restriction.\n\nCVE-2010-4526\nEugene Teo reported a race condition in the Linux SCTP implementation.\n\nCVE-2010-4527\nDan Rosenberg reported two issues in the OSS soundcard driver. 
Local users\nwith access to the device (members of group 'audio' on default Debian\ninstallations) may obtain access to sensitive kernel memory or cause a\nbuffer overflow.\n\nCVE-2010-4529\nDan Rosenberg reported an issue in the Linux kernel IrDA socket\nimplementation on non-x86 architectures. Local users may be able to gain\naccess to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES\ngetsockopt call.\n\nCVE-2010-4565\nDan Rosenberg reported an issue in the Linux CAN protocol implementation.\nLocal users can obtain the address of a kernel heap object which might help\nfacilitate system exploitation.\n\nCVE-2010-4649\nDan Carpenter reported an issue in the uverb handling of the InfiniBand\nsubsystem. A potential buffer overflow may allow local users to cause a\ndenial of service (memory corruption) by passing in a large cmd.ne value.\n\nCVE-2010-4656\nKees Cook reported an issue in the driver for I/O-Warrior USB devices.\nLocal users with access to these devices may be able to overrun kernel\nbuffers, resulting in a denial of service or privilege escalation.\n\nCVE-2010-4668\nDan Rosenberg reported an issue in the block subsystem. A local user can\ncause a denial of service (kernel panic) by submitting certain 0-length I/O\nrequests.\n\nCVE-2011-0521\nDan Carpenter reported an issue in the DVB driver for AV7110 cards. 
Local\nusers can pass a negative info->num value, corrupting kernel memory and\ncausing a denial of service.\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny2.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 2153-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"26\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-486\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-4kc-malta\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-5kc-malta\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-686\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-686-bigmem\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-alpha\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-arm\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-armel\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-hppa\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-i386\", 
ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-ia64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-mips\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-mipsel\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-s390\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-all-sparc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-alpha-generic\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-alpha-legacy\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-alpha-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-common\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-common-openvz\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-common-vserver\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-common-xen\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-footbridge\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-iop32x\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-itanium\", 
ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-ixp4xx\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-mckinley\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-openvz-686\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-openvz-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-orion5x\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-parisc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-parisc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-parisc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-parisc64-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-powerpc-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-r4k-ip22\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-r5k-cobalt\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-r5k-ip32\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-s390\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-s390x\", 
ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-sb1-bcm91250a\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-sb1a-bcm91480b\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-sparc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-sparc64-smp\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-versatile\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-686\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-686-bigmem\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-itanium\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-mckinley\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-powerpc\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-powerpc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-s390x\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-vserver-sparc64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-xen-686\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-xen-amd64\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"26-2-s390-tape\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"26-2\", ver:\"2.6.26-26lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-08T14:23:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2010-4263", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1141-1", "modified": "2019-03-13T00:00:00", "published": "2011-06-06T00:00:00", "id": "OPENVAS:1361412562310840671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840671", "type": "openvas", "title": "Ubuntu Update for linux USN-1141-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1141_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1141-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1141-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840671\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1141-1\");\n script_cve_id(\"CVE-2010-4243\", \"CVE-2010-4263\", \"CVE-2010-4342\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1182\");\n script_name(\"Ubuntu Update for linux USN-1141-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1141-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Brad 
Spengler discovered that the kernel did not correctly account for\n userspace memory allocations during exec() calls. A local attacker could\n exploit this to consume all system memory, leading to a denial of service.\n (CVE-2010-4243)\n\n Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not\n correctly handle certain configurations. If such a device was configured\n without VLANs, a remote attacker could crash the system, leading to a\n denial of service. (CVE-2010-4263)\n\n Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n\n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\n Dan Rosenberg discovered that the CAN subsystem leaked kernel addresses\n into the /proc filesystem. A local attacker could use this to increase\n the chances of a successful memory corruption exploit. (CVE-2010-4565)\n\n Kees Cook discovered that the IOWarrior USB device driver did not\n correctly check certain size fields. A local attacker with physical\n access could plug in a specially crafted USB device to crash the system\n or potentially gain root privileges. (CVE-2010-4656)\n\n Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss\n of privacy. (CVE-2011-0463)\n\n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. 
(CVE-2011-0521)\n\n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n\n Rafael Dominguez Vega discovered that the caiaq Native Instruments USB\n driver did not correctly validate string lengths. A local attacker with\n physical access could plug in a specially crafted USB device to crash\n the system or potentially gain root privileges. (CVE-2011-0712)\n\n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the mem ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-316-ec2\", ver:\"2.6.32-316.31\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-386\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-generic\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-generic-pae\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-ia64\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-lpia\", 
ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc64-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-preempt\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-server\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-sparc64\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-sparc64-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-versatile\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-virtual\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2010-4263", 
"CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1141-1", "modified": "2017-12-01T00:00:00", "published": "2011-06-06T00:00:00", "id": "OPENVAS:840671", "href": "http://plugins.openvas.org/nasl.php?oid=840671", "type": "openvas", "title": "Ubuntu Update for linux USN-1141-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1141_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1141-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Brad Spengler discovered that the kernel did not correctly account for\n userspace memory allocations during exec() calls. 
A local attacker could\n exploit this to consume all system memory, leading to a denial of service.\n (CVE-2010-4243)\n\n Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not\n correctly handle certain configurations. If such a device was configured\n without VLANs, a remote attacker could crash the system, leading to a\n denial of service. (CVE-2010-4263)\n \n Nelson Elhage discovered that Econet did not correctly handle AUN packets\n over UDP. A local attacker could send specially crafted traffic to crash\n the system, leading to a denial of service. (CVE-2010-4342)\n \n Dan Rosenberg discovered that IRDA did not correctly check the size of\n buffers. On non-x86 systems, a local attacker could exploit this to read\n kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n \n Dan Rosenberg discovered that the CAN subsystem leaked kernel addresses\n into the /proc filesystem. A local attacker could use this to increase\n the chances of a successful memory corruption exploit. (CVE-2010-4565)\n \n Kees Cook discovered that the IOWarrior USB device driver did not\n correctly check certain size fields. A local attacker with physical\n access could plug in a specially crafted USB device to crash the system\n or potentially gain root privileges. (CVE-2010-4656)\n \n Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss\n of privacy. (CVE-2011-0463)\n \n Dan Carpenter discovered that the TTPCI DVB driver did not check certain\n values during an ioctl. If the dvb-ttpci module was loaded, a local\n attacker could exploit this to crash the system, leading to a denial of\n service, or possibly gain root privileges. (CVE-2011-0521)\n \n Jens Kuehnel discovered that the InfiniBand driver contained a race\n condition. 
On systems using InfiniBand, a local attacker could send\n specially crafted requests to crash the system, leading to a denial of\n service. (CVE-2011-0695)\n \n Rafael Dominguez Vega discovered that the caiaq Native Instruments USB\n driver did not correctly validate string lengths. A local attacker with\n physical access could plug in a specially crafted USB device to crash\n the system or potentially gain root privileges. (CVE-2011-0712)\n \n Kees Cook reported that /proc/pid/stat did not correctly filter certain\n memory locations. A local attacker could determine the mem ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1141-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1141-1/\");\n script_id(840671);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1141-1\");\n script_cve_id(\"CVE-2010-4243\", \"CVE-2010-4263\", \"CVE-2010-4342\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1012\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1082\", \"CVE-2011-1083\", \"CVE-2011-1182\");\n script_name(\"Ubuntu Update for linux USN-1141-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-316-ec2\", ver:\"2.6.32-316.31\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-386\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-generic\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-generic-pae\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-ia64\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-lpia\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-powerpc64-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-preempt\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-server\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-sparc64\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-sparc64-smp\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-versatile\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-32-virtual\", ver:\"2.6.32-32.62\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4529", "CVE-2010-4346", "CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4527", "CVE-2010-4083", "CVE-2010-4082", "CVE-2011-1494", "CVE-2010-4080", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-4656", "CVE-2010-3876", "CVE-2011-0463", "CVE-2011-0711", "CVE-2011-2022", "CVE-2010-4258", "CVE-2011-0712", "CVE-2011-1747", "CVE-2010-4248", "CVE-2011-1495", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4342", 
"CVE-2011-1593", "CVE-2011-1748", "CVE-2010-4164", "CVE-2011-1745", "CVE-2011-1182", "CVE-2010-4565", "CVE-2010-4655"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1164-1", "modified": "2019-03-13T00:00:00", "published": "2011-07-08T00:00:00", "id": "OPENVAS:1361412562310840693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840693", "type": "openvas", "title": "Ubuntu Update for linux-fsl-imx51 USN-1164-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1164_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-fsl-imx51 USN-1164-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1164-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840693\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1164-1\");\n script_cve_id(\"CVE-2010-3865\", \"CVE-2010-3874\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-3880\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4164\", \"CVE-2010-4248\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4346\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4655\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-1017\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1747\", \"CVE-2011-1748\");\n script_name(\"Ubuntu Update for linux-fsl-imx51 USN-1164-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", 
re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1164-1\");\n script_tag(name:\"affected\", value:\"linux-fsl-imx51 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Thomas Pollet discovered that the RDS network protocol did not check\n certain iovec buffers. A local attacker could exploit this to crash the\n system or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n\n Dan Rosenberg discovered that the CAN protocol on 64bit systems did not\n correctly calculate the size of certain buffers. A local attacker could\n exploit this to crash the system or possibly execute arbitrary code as the\n root user. (CVE-2010-3874)\n\n Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did\n not correctly clear kernel memory. A local attacker could exploit this to\n read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\n Vasiliy Kulikov discovered that the Linux kernel sockets implementation did\n not properly initialize certain structures. A local attacker could exploit\n this to read kernel stack memory, leading to a loss of privacy.\n (CVE-2010-3876)\n\n Vasiliy Kulikov discovered that the TIPC interface did not correctly\n initialize certain structures. A local attacker could exploit this to read\n kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\n Nelson Elhage discovered that the Linux kernel IPv4 implementation did not\n properly audit certain bytecodes in netlink messages. A local attacker\n could exploit this to cause the kernel to hang, leading to a denial of\n service. (CVE-2010-3880)\n\n Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver\n did not correctly clear kernel memory. A local attacker could exploit this\n to read kernel stack memory, leading to a loss of privacy. 
(CVE-2010-4080,\n CVE-2010-4081)\n\n Dan Rosenberg discovered that the VIA video driver did not correctly clear\n kernel memory. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4082)\n\n Dan Rosenberg discovered that the semctl syscall did not correctly clear\n kernel memory. A local attacker could exploit this to read kernel stack\n memory, leading to a loss of privacy. (CVE-2010-4083)\n\n James Bottomley discovered that the ICP vortex storage array controller\n driver did not validate certain sizes. A local attacker on a 64bit system\n could exploit this to crash the kernel, leading to a denial of service.\n (CVE-2010-4157)\n\n Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If\n a system was using X.25, a remote attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-4164)\n\n It was discovered that multithreaded exec did not handle CPU timers\n c ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-609-imx51\", ver:\"2.6.31-609.26\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-01T06:35:03", "description": "Nelson Elhage discovered that Econet did not correctly handle AUN\npackets over UDP. 
A local attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service.\n(CVE-2010-4342)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name\ntermination correctly. A local attacker could exploit this to crash the\nsystem or gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of\nbuffers. On non-x86 systems, a local attacker could exploit this to\nread kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-06-13T00:00:00", "title": "Ubuntu 8.04 LTS : linux vulnerabilities (USN-1133-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2010-4527", "CVE-2011-0711", "CVE-2010-4342"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia"], "id": "UBUNTU_USN-1133-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/55094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1133-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55094);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-4342\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2011-0521\", \"CVE-2011-0711\");\n script_bugtraq_id(45321, 45556, 45629, 45986, 46417);\n script_xref(name:\"USN\", value:\"1133-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS : linux vulnerabilities (USN-1133-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nelson Elhage discovered that Econet did not correctly handle AUN\npackets over UDP. A local attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service.\n(CVE-2010-4342)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name\ntermination correctly. A local attacker could exploit this crash the\nsystem or gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of\nbuffers. On non-x86 systems, a local attacker could exploit this to\nread kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. 
(CVE-2011-0521).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1133-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/30\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4342\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2011-0521\", \"CVE-2011-0711\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1133-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-386\", pkgver:\"2.6.24-29.89\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-generic\", pkgver:\"2.6.24-29.89\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-lpia\", pkgver:\"2.6.24-29.89\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-lpiacompat\", pkgver:\"2.6.24-29.89\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-openvz\", pkgver:\"2.6.24-29.89\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-rt\", pkgver:\"2.6.24-29.89\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-server\", pkgver:\"2.6.24-29.89\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-virtual\", pkgver:\"2.6.24-29.89\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-xen\", pkgver:\"2.6.24-29.89\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", 
"cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T06:34:41", "description": "Dan Rosenberg discovered multiple flaws in the X.25 facilities\nparsing. If a system was using X.25, a remote attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2010-4164)\n\nVegard Nossum discovered that memory garbage collection was not\nhandled correctly for active sockets. A local attacker could exploit\nthis to allocate all available kernel memory, leading to a denial of\nservice. (CVE-2010-4249)\n\nNelson Elhage discovered that the kernel did not correctly handle\nprocess cleanup after triggering a recoverable kernel bug. If a local\nattacker were able to trigger certain kinds of kernel bugs, they could\ncreate a specially crafted process to gain root privileges.\n(CVE-2010-4258)\n\nNelson Elhage discovered that Econet did not correctly handle AUN\npackets over UDP. A local attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service.\n(CVE-2010-4342)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name\ntermination correctly. A local attacker could exploit this crash the\nsystem or gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of\nbuffers. On non-x86 systems, a local attacker could exploit this to\nread kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race\ncondition. On systems using InfiniBand, a local attacker could send\nspecially crafted requests to crash the system, leading to a denial of\nservice. 
(CVE-2011-0695)\n\nTimo Warns discovered that the LDM disk partition handling code did\nnot correctly handle certain values. By inserting a specially crafted\ndisk device, a local attacker could exploit this to gain root\nprivileges. (CVE-2011-1017).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-06-13T00:00:00", "title": "Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-1111-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2010-4527", "CVE-2010-4258", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-4164"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-1111-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55069", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1111-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55069);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-4164\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-1017\");\n script_bugtraq_id(45037, 45055, 45159, 45321, 45556, 45629, 45986, 46512, 46839);\n script_xref(name:\"USN\", value:\"1111-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-1111-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Rosenberg discovered multiple flaws in the X.25 facilities\nparsing. If a system was using X.25, a remote attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2010-4164)\n\nVegard Nossum discovered that memory garbage collection was not\nhandled correctly for active sockets. A local attacker could exploit\nthis to allocate all available kernel memory, leading to a denial of\nservice. (CVE-2010-4249)\n\nNelson Elhage discovered that the kernel did not correctly handle\nprocess cleanup after triggering a recoverable kernel bug. If a local\nattacker were able to trigger certain kinds of kernel bugs, they could\ncreate a specially crafted process to gain root privileges.\n(CVE-2010-4258)\n\nNelson Elhage discovered that Econet did not correctly handle AUN\npackets over UDP. A local attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service.\n(CVE-2010-4342)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name\ntermination correctly. 
A local attacker could exploit this crash the\nsystem or gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of\nbuffers. On non-x86 systems, a local attacker could exploit this to\nread kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race\ncondition. On systems using InfiniBand, a local attacker could send\nspecially crafted requests to crash the system, leading to a denial of\nservice. (CVE-2011-0695)\n\nTimo Warns discovered that the LDM disk partition handling code did\nnot correctly handle certain values. By inserting a specially crafted\ndisk device, a local attacker could exploit this to gain root\nprivileges. (CVE-2011-1017).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1111-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/13\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4164\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-1017\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1111-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-57-386\", pkgver:\"2.6.15-57.97\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-57-686\", pkgver:\"2.6.15-57.97\")) flag++;\nif (ubuntu_check(osver:\"6.06\", 
pkgname:\"linux-image-2.6.15-57-amd64-generic\", pkgver:\"2.6.15-57.97\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-57-amd64-k8\", pkgver:\"2.6.15-57.97\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-57-amd64-server\", pkgver:\"2.6.15-57.97\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-57-amd64-xeon\", pkgver:\"2.6.15-57.97\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-57-server\", pkgver:\"2.6.15-57.97\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-686 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:45:26", "description": "This update fixes the following security issues :\n\n - A buffer overflow flaw was found in the\n load_mixer_volumes() function in the Linux kernel's Open\n Sound System (OSS) sound driver. On 64-bit PowerPC\n systems, a local, unprivileged user could use this flaw\n to cause a denial of service or escalate their\n privileges. (CVE-2010-4527, Important)\n\n - A missing boundary check was found in the dvb_ca_ioctl()\n function in the Linux kernel's av7110 module. On systems\n that use old DVB cards that require the av7110 module, a\n local, unprivileged user could use this flaw to cause a\n denial of service or escalate their privileges.\n (CVE-2011-0521, Important)\n\n - A missing initialization flaw was found in the\n ethtool_get_regs() function in the Linux kernel's\n ethtool IOCTL handler. A local user who has the\n CAP_NET_ADMIN capability could use this flaw to cause an\n information leak. 
(CVE-2010-4655, Low)\n\nThese updated kernel packages also fix hundreds of bugs and add\nnumerous enhancements.\n\nThe system must be rebooted for this update to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4527", "CVE-2010-4655"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110216_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60959);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4527\", \"CVE-2010-4655\", \"CVE-2011-0521\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - A buffer overflow flaw was found in the\n load_mixer_volumes() function in the Linux kernel's Open\n Sound System (OSS) sound driver. On 64-bit PowerPC\n systems, a local, unprivileged user could use this flaw\n to cause a denial of service or escalate their\n privileges. (CVE-2010-4527, Important)\n\n - A missing boundary check was found in the dvb_ca_ioctl()\n function in the Linux kernel's av7110 module. 
On systems\n that use old DVB cards that require the av7110 module, a\n local, unprivileged user could use this flaw to cause a\n denial of service or escalate their privileges.\n (CVE-2011-0521, Important)\n\n - A missing initialization flaw was found in the\n ethtool_get_regs() function in the Linux kernel's\n ethtool IOCTL handler. A local user who has the\n CAP_NET_ADMIN capability could use this flaw to cause an\n information leak. (CVE-2010-4655, Low)\n\nThese updated kernel packages also fix hundreds of bugs and add\nnumerous enhancements.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=3646\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96eead25\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-utils-2.4-23.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-100.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-100.EL\")) flag++;\n\n\nif (flag)\n{\n 
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:42", "description": "From Red Hat Security Advisory 2011:0263 :\n\nUpdated kernel packages that fix three security issues, hundreds of\nbugs, and add numerous enhancements are now available as part of the\nongoing support and maintenance of Red Hat Enterprise Linux version 4.\nThis is the ninth regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A buffer overflow flaw was found in the load_mixer_volumes()\nfunction in the Linux kernel's Open Sound System (OSS) sound driver.\nOn 64-bit PowerPC systems, a local, unprivileged user could use this\nflaw to cause a denial of service or escalate their privileges.\n(CVE-2010-4527, Important)\n\n* A missing boundary check was found in the dvb_ca_ioctl() function in\nthe Linux kernel's av7110 module. On systems that use old DVB cards\nthat require the av7110 module, a local, unprivileged user could use\nthis flaw to cause a denial of service or escalate their privileges.\n(CVE-2011-0521, Important)\n\n* A missing initialization flaw was found in the ethtool_get_regs()\nfunction in the Linux kernel's ethtool IOCTL handler. A local user who\nhas the CAP_NET_ADMIN capability could use this flaw to cause an\ninformation leak. 
(CVE-2010-4655, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527,\nand Kees Cook for reporting CVE-2010-4655.\n\nThese updated kernel packages also fix hundreds of bugs and add\nnumerous enhancements. For details on individual bug fixes and\nenhancements included in this update, refer to the Red Hat Enterprise\nLinux 4.9 Release Notes, linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : kernel (ELSA-2011-0263)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4527", "CVE-2010-4655"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-xenU-devel", "p-cpe:/a:oracle:linux:kernel-xenU", "p-cpe:/a:oracle:linux:kernel-smp-devel", "p-cpe:/a:oracle:linux:kernel-largesmp", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-hugemem-devel", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-largesmp-devel"], "id": "ORACLELINUX_ELSA-2011-0263.NASL", "href": "https://www.tenable.com/plugins/nessus/68204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0263 and \n# Oracle Linux Security Advisory ELSA-2011-0263 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68204);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4527\", \"CVE-2010-4655\", \"CVE-2011-0521\");\n 
script_bugtraq_id(45629, 45972, 45986);\n script_xref(name:\"RHSA\", value:\"2011:0263\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2011-0263)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0263 :\n\nUpdated kernel packages that fix three security issues, hundreds of\nbugs, and add numerous enhancements are now available as part of the\nongoing support and maintenance of Red Hat Enterprise Linux version 4.\nThis is the ninth regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A buffer overflow flaw was found in the load_mixer_volumes()\nfunction in the Linux kernel's Open Sound System (OSS) sound driver.\nOn 64-bit PowerPC systems, a local, unprivileged user could use this\nflaw to cause a denial of service or escalate their privileges.\n(CVE-2010-4527, Important)\n\n* A missing boundary check was found in the dvb_ca_ioctl() function in\nthe Linux kernel's av7110 module. On systems that use old DVB cards\nthat require the av7110 module, a local, unprivileged user could use\nthis flaw to cause a denial of service or escalate their privileges.\n(CVE-2011-0521, Important)\n\n* A missing initialization flaw was found in the ethtool_get_regs()\nfunction in the Linux kernel's ethtool IOCTL handler. A local user who\nhas the CAP_NET_ADMIN capability could use this flaw to cause an\ninformation leak. 
(CVE-2010-4655, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527,\nand Kees Cook for reporting CVE-2010-4655.\n\nThese updated kernel packages also fix hundreds of bugs and add\nnumerous enhancements. For details on individual bug fixes and\nenhancements included in this update, refer to the Red Hat Enterprise\nLinux 4.9 Release Notes, linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001954.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4527\", \"CVE-2010-4655\", \"CVE-2011-0521\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-0263\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-devel-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-doc-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && 
rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-100.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-100.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:54", "description": "Updated kernel packages that fix three security issues, hundreds of\nbugs, and add numerous enhancements are now available as part of the\nongoing support and maintenance of Red Hat Enterprise Linux version 4.\nThis is the ninth regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A buffer overflow flaw was found in the load_mixer_volumes()\nfunction in the Linux kernel's Open Sound System (OSS) sound driver.\nOn 64-bit PowerPC systems, a local, unprivileged user could use this\nflaw to cause a denial of service or escalate their privileges.\n(CVE-2010-4527, Important)\n\n* A missing boundary check was found in the dvb_ca_ioctl() function in\nthe Linux kernel's av7110 module. On systems that use old DVB cards\nthat require the av7110 module, a local, unprivileged user could use\nthis flaw to cause a denial of service or escalate their privileges.\n(CVE-2011-0521, Important)\n\n* A missing initialization flaw was found in the ethtool_get_regs()\nfunction in the Linux kernel's ethtool IOCTL handler. A local user who\nhas the CAP_NET_ADMIN capability could use this flaw to cause an\ninformation leak. 
(CVE-2010-4655, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527,\nand Kees Cook for reporting CVE-2010-4655.\n\nThese updated kernel packages also fix hundreds of bugs and add\nnumerous enhancements. For details on individual bug fixes and\nenhancements included in this update, refer to the Red Hat Enterprise\nLinux 4.9 Release Notes, linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.", "edition": 28, "published": "2011-02-17T00:00:00", "title": "RHEL 4 : kernel (RHSA-2011:0263)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4527", "CVE-2010-4655"], "modified": "2011-02-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xenU", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp"], "id": "REDHAT-RHSA-2011-0263.NASL", "href": "https://www.tenable.com/plugins/nessus/52009", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0263. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52009);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4527\", \"CVE-2010-4655\", \"CVE-2011-0521\");\n script_bugtraq_id(45629, 45972, 45986);\n script_xref(name:\"RHSA\", value:\"2011:0263\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2011:0263)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues, hundreds of\nbugs, and add numerous enhancements are now available as part of the\nongoing support and maintenance of Red Hat Enterprise Linux version 4.\nThis is the ninth regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A buffer overflow flaw was found in the load_mixer_volumes()\nfunction in the Linux kernel's Open Sound System (OSS) sound driver.\nOn 64-bit PowerPC systems, a local, unprivileged user could use this\nflaw to cause a denial of service or escalate their privileges.\n(CVE-2010-4527, Important)\n\n* A missing boundary check was found in the dvb_ca_ioctl() function in\nthe Linux kernel's av7110 module. 
On systems that use old DVB cards\nthat require the av7110 module, a local, unprivileged user could use\nthis flaw to cause a denial of service or escalate their privileges.\n(CVE-2011-0521, Important)\n\n* A missing initialization flaw was found in the ethtool_get_regs()\nfunction in the Linux kernel's ethtool IOCTL handler. A local user who\nhas the CAP_NET_ADMIN capability could use this flaw to cause an\ninformation leak. (CVE-2010-4655, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527,\nand Kees Cook for reporting CVE-2010-4655.\n\nThese updated kernel packages also fix hundreds of bugs and add\nnumerous enhancements. For details on individual bug fixes and\nenhancements included in this update, refer to the Red Hat Enterprise\nLinux 4.9 Release Notes, linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0521\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/4/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0263\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4527\", \"CVE-2010-4655\", \"CVE-2011-0521\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:0263\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0263\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n 
audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-100.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-100.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": 
{"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:16:37", "description": "This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues were fixed :\n\n - An information leak in the ethtool ioctl was fixed that could\n disclose kernel memory to local attackers with\n CAP_NET_ADMIN privileges. (CVE-2010-4655)\n\n - The dvb_ca_ioctl function in\n drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel\n did not check the sign of a certain integer field, which\n allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact\n via a negative value. (CVE-2011-0521)\n\n - The ax25_getname function in net/ax25/af_ax25.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory by\n reading a copy of this structure. (CVE-2010-3875)\n\n - net/packet/af_packet.c in the Linux kernel did not\n properly initialize certain structure members, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by leveraging the\n CAP_NET_RAW capability to read copies of the applicable\n structures. (CVE-2010-3876)\n\n - The get_name function in net/tipc/socket.c in the Linux\n kernel did not initialize a certain structure, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by reading a copy\n of this structure. (CVE-2010-3877)\n\n - A stack memory information leak in the xfs FSGEOMETRY_V1\n ioctl was fixed. 
(CVE-2011-0711)\n\n - The task_show_regs function in arch/s390/kernel/traps.c\n in the Linux kernel on the s390 platform allowed local\n users to obtain the values of the registers of an\n arbitrary process by reading a status file under /proc/.\n (CVE-2011-0710)\n\n - The sctp_process_unk_param function in\n net/sctp/sm_make_chunk.c in the Linux kernel, when SCTP\n is enabled, allowed remote attackers to cause a denial\n of service (system crash) via an SCTPChunkInit packet\n containing multiple invalid parameters that require a\n large amount of error data. (CVE-2010-1173)\n\n - The uart_get_count function in\n drivers/serial/serial_core.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4075)\n\n - The rs_ioctl function in drivers/char/amiserial.c in the\n Linux kernel did not properly initialize a certain\n structure member, which allowed local users to obtain\n potentially sensitive information from kernel stack\n memory via a TIOCGICOUNT ioctl call. (CVE-2010-4076)\n\n - The ntty_ioctl_tiocgicount function in\n drivers/char/nozomi.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4077)\n\n - The load_mixer_volumes function in sound/oss/soundcard.c\n in the OSS sound subsystem in the Linux kernel\n incorrectly expected that a certain name field ends with\n a '\\0' character, which allowed local users to conduct\n buffer overflow attacks and gain privileges, or possibly\n obtain sensitive information from kernel memory, via a\n SOUND_MIXER_SETLEVELS ioctl call. 
(CVE-2010-4527)\n\n - Race condition in the __exit_signal function in\n kernel/exit.c in the Linux kernel allowed local users to\n cause a denial of service via vectors related to\n multithreaded exec, the use of a thread group leader in\n kernel/posix-cpu-timers.c, and the selection of a new\n thread group leader in the de_thread function in\n fs/exec.c. (CVE-2010-4248)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel allowed local users to cause a denial\n of service (panic) via a zero-length I/O request in a\n device ioctl to a SCSI device, related to an unaligned\n map. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2010-4163. (CVE-2010-4668)\n\n - The hci_uart_tty_open function in the HCI UART driver\n (drivers/bluetooth/hci_ldisc.c) in the Linux kernel did\n not verify whether the tty has a write operation, which\n allowed local users to cause a denial of service (NULL\n pointer dereference) via vectors related to the\n Bluetooth driver. (CVE-2010-4242)\n\n - Integer underflow in the irda_getsockopt function in\n net/irda/af_irda.c in the Linux kernel on platforms\n other than x86 allowed local users to obtain potentially\n sensitive information from kernel heap memory via an\n IRLMP_ENUMDEVICES getsockopt call. (CVE-2010-4529)\n\n - The aun_incoming function in net/econet/af_econet.c in\n the Linux kernel, when Econet is enabled, allowed remote\n attackers to cause a denial of service (NULL pointer\n dereference and OOPS) by sending an Acorn Universal\n Networking (AUN) packet over UDP. (CVE-2010-4342)\n\n - Race condition in the sctp_icmp_proto_unreachable\n function in net/sctp/input.c in Linux kernel allowed\n remote attackers to cause a denial of service (panic)\n via an ICMP unreachable message to a socket that is\n already locked by a user, which causes the socket to be\n freed and triggers list corruption, related to the\n sctp_wait_for_connect function. 
(CVE-2010-4526)", "edition": 24, "published": "2012-05-17T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7384)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4527", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-4526", "CVE-2011-0711", "CVE-2011-0710", "CVE-2010-4248", "CVE-2010-4342", "CVE-2010-1173", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4655", "CVE-2010-4076"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7384.NASL", "href": "https://www.tenable.com/plugins/nessus/59155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59155);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-1173\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4163\", \"CVE-2010-4242\", \"CVE-2010-4248\", \"CVE-2010-4342\", \"CVE-2010-4526\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4655\", \"CVE-2010-4668\", \"CVE-2011-0521\", \"CVE-2011-0710\", \"CVE-2011-0711\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7384)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues were fixed :\n\n - A memory leak 
in the ethtool ioctl was fixed that could\n disclose kernel memory to local attackers with\n CAP_NET_ADMIN privileges. (CVE-2010-4655)\n\n - The dvb_ca_ioctl function in\n drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel\n did not check the sign of a certain integer field, which\n allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact\n via a negative value. (CVE-2011-0521)\n\n - The ax25_getname function in net/ax25/af_ax25.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory by\n reading a copy of this structure. (CVE-2010-3875)\n\n - net/packet/af_packet.c in the Linux kernel did not\n properly initialize certain structure members, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by leveraging the\n CAP_NET_RAW capability to read copies of the applicable\n structures. (CVE-2010-3876)\n\n - The get_name function in net/tipc/socket.c in the Linux\n kernel did not initialize a certain structure, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by reading a copy\n of this structure. (CVE-2010-3877)\n\n - A stack memory information leak in the xfs FSGEOMETRY_V1\n ioctl was fixed. (CVE-2011-0711)\n\n - The task_show_regs function in arch/s390/kernel/traps.c\n in the Linux kernel on the s390 platform allowed local\n users to obtain the values of the registers of an\n arbitrary process by reading a status file under /proc/.\n (CVE-2011-0710)\n\n - The sctp_process_unk_param function in\n net/sctp/sm_make_chunk.c in the Linux kernel, when SCTP\n is enabled, allowed remote attackers to cause a denial\n of service (system crash) via an SCTPChunkInit packet\n containing multiple invalid parameters that require a\n large amount of error data. 
(CVE-2010-1173)\n\n - The uart_get_count function in\n drivers/serial/serial_core.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4075)\n\n - The rs_ioctl function in drivers/char/amiserial.c in the\n Linux kernel did not properly initialize a certain\n structure member, which allowed local users to obtain\n potentially sensitive information from kernel stack\n memory via a TIOCGICOUNT ioctl call. (CVE-2010-4076)\n\n - The ntty_ioctl_tiocgicount function in\n drivers/char/nozomi.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4077)\n\n - The load_mixer_volumes function in sound/oss/soundcard.c\n in the OSS sound subsystem in the Linux kernel\n incorrectly expected that a certain name field ends with\n a '0' character, which allowed local users to conduct\n buffer overflow attacks and gain privileges, or possibly\n obtain sensitive information from kernel memory, via a\n SOUND_MIXER_SETLEVELS ioctl call. (CVE-2010-4527)\n\n - Race condition in the __exit_signal function in\n kernel/exit.c in the Linux kernel allowed local users to\n cause a denial of service via vectors related to\n multithreaded exec, the use of a thread group leader in\n kernel/posix-cpu-timers.c, and the selection of a new\n thread group leader in the de_thread function in\n fs/exec.c. (CVE-2010-4248)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel allowed local users to cause a denial\n of service (panic) via a zero-length I/O request in a\n device ioctl to a SCSI device, related to an unaligned\n map. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2010-4163. 
(CVE-2010-4668)\n\n - The hci_uart_tty_open function in the HCI UART driver\n (drivers/bluetooth/hci_ldisc.c) in the Linux kernel did\n not verify whether the tty has a write operation, which\n allowed local users to cause a denial of service (NULL\n pointer dereference) via vectors related to the\n Bluetooth driver. (CVE-2010-4242)\n\n - Integer underflow in the irda_getsockopt function in\n net/irda/af_irda.c in the Linux kernel on platforms\n other than x86 allowed local users to obtain potentially\n sensitive information from kernel heap memory via an\n IRLMP_ENUMDEVICES getsockopt call. (CVE-2010-4529)\n\n - The aun_incoming function in net/econet/af_econet.c in\n the Linux kernel, when Econet is enabled, allowed remote\n attackers to cause a denial of service (NULL pointer\n dereference and OOPS) by sending an Acorn Universal\n Networking (AUN) packet over UDP. (CVE-2010-4342)\n\n - Race condition in the sctp_icmp_proto_unreachable\n function in net/sctp/input.c in Linux kernel allowed\n remote attackers to cause a denial of service (panic)\n via an ICMP unreachable message to a socket that is\n already locked by a user, which causes the socket to be\n freed and triggers list corruption, related to the\n sctp_wait_for_connect function. 
(CVE-2010-4526)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3877.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4529.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4655.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-4668.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0710.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0711.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7384.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to 
determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.77.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:16:37", "description": "This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues were fixed :\n\n - A memory leak in 
the ethtool ioctl was fixed that could\n disclose kernel memory to local attackers with\n CAP_NET_ADMIN privileges. (CVE-2010-4655)\n\n - The dvb_ca_ioctl function in\n drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel\n did not check the sign of a certain integer field, which\n allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact\n via a negative value. (CVE-2011-0521)\n\n - The ax25_getname function in net/ax25/af_ax25.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory by\n reading a copy of this structure. (CVE-2010-3875)\n\n - net/packet/af_packet.c in the Linux kernel did not\n properly initialize certain structure members, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by leveraging the\n CAP_NET_RAW capability to read copies of the applicable\n structures. (CVE-2010-3876)\n\n - The get_name function in net/tipc/socket.c in the Linux\n kernel did not initialize a certain structure, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by reading a copy\n of this structure. (CVE-2010-3877)\n\n - A stack memory information leak in the xfs FSGEOMETRY_V1\n ioctl was fixed. (CVE-2011-0711)\n\n - The task_show_regs function in arch/s390/kernel/traps.c\n in the Linux kernel on the s390 platform allowed local\n users to obtain the values of the registers of an\n arbitrary process by reading a status file under /proc/.\n (CVE-2011-0710)\n\n - The sctp_process_unk_param function in\n net/sctp/sm_make_chunk.c in the Linux kernel, when SCTP\n is enabled, allowed remote attackers to cause a denial\n of service (system crash) via an SCTPChunkInit packet\n containing multiple invalid parameters that require a\n large amount of error data. 
(CVE-2010-1173)\n\n - The uart_get_count function in\n drivers/serial/serial_core.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4075)\n\n - The rs_ioctl function in drivers/char/amiserial.c in the\n Linux kernel did not properly initialize a certain\n structure member, which allowed local users to obtain\n potentially sensitive information from kernel stack\n memory via a TIOCGICOUNT ioctl call. (CVE-2010-4076)\n\n - The ntty_ioctl_tiocgicount function in\n drivers/char/nozomi.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4077)\n\n - The load_mixer_volumes function in sound/oss/soundcard.c\n in the OSS sound subsystem in the Linux kernel\n incorrectly expected that a certain name field ends with\n a '\\0' character, which allowed local users to conduct\n buffer overflow attacks and gain privileges, or possibly\n obtain sensitive information from kernel memory, via a\n SOUND_MIXER_SETLEVELS ioctl call. (CVE-2010-4527)\n\n - Race condition in the __exit_signal function in\n kernel/exit.c in the Linux kernel allowed local users to\n cause a denial of service via vectors related to\n multithreaded exec, the use of a thread group leader in\n kernel/posix-cpu-timers.c, and the selection of a new\n thread group leader in the de_thread function in\n fs/exec.c. (CVE-2010-4248)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel allowed local users to cause a denial\n of service (panic) via a zero-length I/O request in a\n device ioctl to a SCSI device, related to an unaligned\n map. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2010-4163. 
(CVE-2010-4668)\n\n - The hci_uart_tty_open function in the HCI UART driver\n (drivers/bluetooth/hci_ldisc.c) in the Linux kernel did\n not verify whether the tty has a write operation, which\n allowed local users to cause a denial of service (NULL\n pointer dereference) via vectors related to the\n Bluetooth driver. (CVE-2010-4242)\n\n - Integer underflow in the irda_getsockopt function in\n net/irda/af_irda.c in the Linux kernel on platforms\n other than x86 allowed local users to obtain potentially\n sensitive information from kernel heap memory via an\n IRLMP_ENUMDEVICES getsockopt call. (CVE-2010-4529)\n\n - The aun_incoming function in net/econet/af_econet.c in\n the Linux kernel, when Econet is enabled, allowed remote\n attackers to cause a denial of service (NULL pointer\n dereference and OOPS) by sending an Acorn Universal\n Networking (AUN) packet over UDP. (CVE-2010-4342)\n\n - Race condition in the sctp_icmp_proto_unreachable\n function in net/sctp/input.c in Linux kernel allowed\n remote attackers to cause a denial of service (panic)\n via an ICMP unreachable message to a socket that is\n already locked by a user, which causes the socket to be\n freed and triggers list corruption, related to the\n sctp_wait_for_connect function. 
(CVE-2010-4526)", "edition": 24, "published": "2011-03-25T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7381)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4527", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-4526", "CVE-2011-0711", "CVE-2011-0710", "CVE-2010-4248", "CVE-2010-4342", "CVE-2010-1173", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4655", "CVE-2010-4076"], "modified": "2011-03-25T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7381.NASL", "href": "https://www.tenable.com/plugins/nessus/52971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52971);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-1173\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4163\", \"CVE-2010-4242\", \"CVE-2010-4248\", \"CVE-2010-4342\", \"CVE-2010-4526\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4655\", \"CVE-2010-4668\", \"CVE-2011-0521\", \"CVE-2011-0710\", \"CVE-2011-0711\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7381)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues were fixed :\n\n - A memory leak 
in the ethtool ioctl was fixed that could\n disclose kernel memory to local attackers with\n CAP_NET_ADMIN privileges. (CVE-2010-4655)\n\n - The dvb_ca_ioctl function in\n drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel\n did not check the sign of a certain integer field, which\n allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact\n via a negative value. (CVE-2011-0521)\n\n - The ax25_getname function in net/ax25/af_ax25.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory by\n reading a copy of this structure. (CVE-2010-3875)\n\n - net/packet/af_packet.c in the Linux kernel did not\n properly initialize certain structure members, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by leveraging the\n CAP_NET_RAW capability to read copies of the applicable\n structures. (CVE-2010-3876)\n\n - The get_name function in net/tipc/socket.c in the Linux\n kernel did not initialize a certain structure, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by reading a copy\n of this structure. (CVE-2010-3877)\n\n - A stack memory information leak in the xfs FSGEOMETRY_V1\n ioctl was fixed. (CVE-2011-0711)\n\n - The task_show_regs function in arch/s390/kernel/traps.c\n in the Linux kernel on the s390 platform allowed local\n users to obtain the values of the registers of an\n arbitrary process by reading a status file under /proc/.\n (CVE-2011-0710)\n\n - The sctp_process_unk_param function in\n net/sctp/sm_make_chunk.c in the Linux kernel, when SCTP\n is enabled, allowed remote attackers to cause a denial\n of service (system crash) via an SCTPChunkInit packet\n containing multiple invalid parameters that require a\n large amount of error data. 
(CVE-2010-1173)\n\n - The uart_get_count function in\n drivers/serial/serial_core.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4075)\n\n - The rs_ioctl function in drivers/char/amiserial.c in the\n Linux kernel did not properly initialize a certain\n structure member, which allowed local users to obtain\n potentially sensitive information from kernel stack\n memory via a TIOCGICOUNT ioctl call. (CVE-2010-4076)\n\n - The ntty_ioctl_tiocgicount function in\n drivers/char/nozomi.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4077)\n\n - The load_mixer_volumes function in sound/oss/soundcard.c\n in the OSS sound subsystem in the Linux kernel\n incorrectly expected that a certain name field ends with\n a '0' character, which allowed local users to conduct\n buffer overflow attacks and gain privileges, or possibly\n obtain sensitive information from kernel memory, via a\n SOUND_MIXER_SETLEVELS ioctl call. (CVE-2010-4527)\n\n - Race condition in the __exit_signal function in\n kernel/exit.c in the Linux kernel allowed local users to\n cause a denial of service via vectors related to\n multithreaded exec, the use of a thread group leader in\n kernel/posix-cpu-timers.c, and the selection of a new\n thread group leader in the de_thread function in\n fs/exec.c. (CVE-2010-4248)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel allowed local users to cause a denial\n of service (panic) via a zero-length I/O request in a\n device ioctl to a SCSI device, related to an unaligned\n map. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2010-4163. 
(CVE-2010-4668)\n\n - The hci_uart_tty_open function in the HCI UART driver\n (drivers/bluetooth/hci_ldisc.c) in the Linux kernel did\n not verify whether the tty has a write operation, which\n allowed local users to cause a denial of service (NULL\n pointer dereference) via vectors related to the\n Bluetooth driver. (CVE-2010-4242)\n\n - Integer underflow in the irda_getsockopt function in\n net/irda/af_irda.c in the Linux kernel on platforms\n other than x86 allowed local users to obtain potentially\n sensitive information from kernel heap memory via an\n IRLMP_ENUMDEVICES getsockopt call. (CVE-2010-4529)\n\n - The aun_incoming function in net/econet/af_econet.c in\n the Linux kernel, when Econet is enabled, allowed remote\n attackers to cause a denial of service (NULL pointer\n dereference and OOPS) by sending an Acorn Universal\n Networking (AUN) packet over UDP. (CVE-2010-4342)\n\n - Race condition in the sctp_icmp_proto_unreachable\n function in net/sctp/input.c in Linux kernel allowed\n remote attackers to cause a denial of service (panic)\n via an ICMP unreachable message to a socket that is\n already locked by a user, which causes the socket to be\n freed and triggers list corruption, related to the\n sctp_wait_for_connect function. 
(CVE-2010-4526)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3877.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4529.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4655.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-4668.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0710.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0711.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7381.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to 
determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, 
cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.77.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.77.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:46:15", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2010-0435\n Gleb Napatov reported an issue in the KVM subsystem that\n allows virtual machines to cause a denial of service of\n the host machine by executing mov to/from DR\n instructions.\n\n - CVE-2010-3699\n Keir Fraser provided a fix for an issue in the Xen\n subsystem. A guest can cause a denial of service on the\n host by retaining a leaked reference to a device. This\n can result in a zombie domain, xenwatch process hangs,\n and xm command failures.\n\n - CVE-2010-4158\n Dan Rosenberg discovered an issue in the socket filters\n subsystem, allowing local unprivileged users to obtain\n the contents of sensitive kernel memory.\n\n - CVE-2010-4162\n Dan Rosenberg discovered an overflow issue in the block\n I/O subsystem that allows local users to map large\n numbers of pages, resulting in a denial of service due\n to invocation of the out of memory killer.\n\n - CVE-2010-4163\n Dan Rosenberg discovered an issue in the block I/O\n subsystem. 
Due to improper validation of iov segments,\n local users can trigger a kernel panic resulting in a\n denial of service.\n\n - CVE-2010-4242\n Alan Cox reported an issue in the Bluetooth subsystem.\n Local users with sufficient permission to access HCI\n UART devices can cause a denial of service (NULL pointer\n dereference) due to a missing check for an existing tty\n write operation.\n\n - CVE-2010-4243\n Brad Spengler reported a denial-of-service issue in the\n kernel memory accounting system. By passing large\n argv/envp values to exec, local users can cause the out\n of memory killer to kill processes owned by other users.\n\n - CVE-2010-4248\n Oleg Nesterov reported an issue in the POSIX CPU timers\n subsystem. Local users can cause a denial of service\n (Oops) due to incorrect assumptions about thread group\n leader behavior.\n\n - CVE-2010-4249\n Vegard Nossum reported an issue with the UNIX socket\n garbage collector. Local users can consume all of LOWMEM\n and decrease system performance by overloading the\n system with inflight sockets.\n\n - CVE-2010-4258\n Nelson Elhage reported an issue in Linux oops handling.\n Local users may be able to obtain elevated privileges if\n they are able to trigger an oops with a process' fs set\n to KERNEL_DS.\n\n - CVE-2010-4342\n Nelson Elhage reported an issue in the Econet protocol.\n Remote attackers can cause a denial of service by\n sending an Acorn Universal Networking packet over UDP.\n\n - CVE-2010-4346\n Tavis Ormandy discovered an issue in the\n install_special_mapping routine which allows local users\n to bypass the mmap_min_addr security restriction.\n Combined with an otherwise low severity local denial of\n service vulnerability (NULL pointer dereference), a\n local user could obtain elevated privileges.\n\n - CVE-2010-4526\n Eugene Teo reported a race condition in the Linux SCTP\n implementation. 
Remote users can cause a denial of\n service (kernel memory corruption) by transmitting an\n ICMP unreachable message to a locked socket.\n\n - CVE-2010-4527\n Dan Rosenberg reported two issues in the OSS soundcard\n driver. Local users with access to the device (members\n of group 'audio' on default Debian installations) may\n gain access to sensitive kernel memory or cause a buffer\n overflow, potentially leading to an escalation of\n privileges.\n\n - CVE-2010-4529\n Dan Rosenberg reported an issue in the Linux kernel IrDA\n socket implementation on non-x86 architectures. Local\n users may be able to gain access to sensitive kernel\n memory via a specially crafted IRLMP_ENUMDEVICES\n getsockopt call.\n\n - CVE-2010-4565\n Dan Rosenberg reported an issue in the Linux CAN\n protocol implementation. Local users can obtain the\n address of a kernel heap object which might help\n facilitate system exploitation.\n\n - CVE-2010-4649\n Dan Carpenter reported an issue in the uverb handling of\n the InfiniBand subsystem. A potential buffer overflow\n may allow local users to cause a denial of service\n (memory corruption) by passing in a large cmd.ne value.\n\n - CVE-2010-4656\n Kees Cook reported an issue in the driver for\n I/O-Warrior USB devices. Local users with access to\n these devices may be able to overrun kernel buffers,\n resulting in a denial of service or privilege\n escalation.\n\n - CVE-2010-4668\n Dan Rosenberg reported an issue in the block subsystem.\n A local user can cause a denial of service (kernel\n panic) by submitting certain 0-length I/O requests.\n\n - CVE-2011-0521\n Dan Carpenter reported an issue in the DVB driver for\n AV7110 cards. 
Local users can pass a negative info->num\n value, corrupting kernel memory and causing a denial of\n service.", "edition": 16, "published": "2011-01-31T00:00:00", "title": "Debian DSA-2153-1 : linux-2.6 - privilege escalation/denial of service/information leak", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4248", "CVE-2010-4243", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-3699", "CVE-2010-4565"], "modified": "2011-01-31T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:linux-2.6"], "id": "DEBIAN_DSA-2153.NASL", "href": "https://www.tenable.com/plugins/nessus/51818", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2153. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51818);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3699\", \"CVE-2010-4158\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4242\", \"CVE-2010-4243\", \"CVE-2010-4248\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4346\", \"CVE-2010-4526\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2010-4656\", \"CVE-2010-4668\", \"CVE-2011-0521\");\n script_bugtraq_id(42582, 44661, 44758, 44793, 45004, 45014, 45028, 45037, 45039, 45159, 45321, 45323, 45556, 45629, 45660, 45661, 45986);\n script_xref(name:\"DSA\", value:\"2153\");\n\n script_name(english:\"Debian DSA-2153-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2010-0435\n Gleb Napatov reported an issue in the KVM subsystem that\n allows virtual machines to cause a denial of service of\n the host machine by executing mov to/from DR\n instructions.\n\n - CVE-2010-3699\n Keir Fraser provided a fix for an issue in the Xen\n subsystem. A guest can cause a denial of service on the\n host by retaining a leaked reference to a device. 
This\n can result in a zombie domain, xenwatch process hangs,\n and xm command failures.\n\n - CVE-2010-4158\n Dan Rosenberg discovered an issue in the socket filters\n subsystem, allowing local unprivileged users to obtain\n the contents of sensitive kernel memory.\n\n - CVE-2010-4162\n Dan Rosenberg discovered an overflow issue in the block\n I/O subsystem that allows local users to map large\n numbers of pages, resulting in a denial of service due\n to invocation of the out of memory killer.\n\n - CVE-2010-4163\n Dan Rosenberg discovered an issue in the block I/O\n subsystem. Due to improper validation of iov segments,\n local users can trigger a kernel panic resulting in a\n denial of service.\n\n - CVE-2010-4242\n Alan Cox reported an issue in the Bluetooth subsystem.\n Local users with sufficient permission to access HCI\n UART devices can cause a denial of service (NULL pointer\n dereference) due to a missing check for an existing tty\n write operation.\n\n - CVE-2010-4243\n Brad Spengler reported a denial-of-service issue in the\n kernel memory accounting system. By passing large\n argv/envp values to exec, local users can cause the out\n of memory killer to kill processes owned by other users.\n\n - CVE-2010-4248\n Oleg Nesterov reported an issue in the POSIX CPU timers\n subsystem. Local users can cause a denial of service\n (Oops) due to incorrect assumptions about thread group\n leader behavior.\n\n - CVE-2010-4249\n Vegard Nossum reported an issue with the UNIX socket\n garbage collector. 
Local users can consume all of LOWMEM\n and decrease system performance by overloading the\n system with inflight sockets.\n\n - CVE-2010-4258\n Nelson Elhage reported an issue in Linux oops handling.\n Local users may be able to obtain elevated privileges if\n they are able to trigger an oops with a process' fs set\n to KERNEL_DS.\n\n - CVE-2010-4342\n Nelson Elhage reported an issue in the Econet protocol.\n Remote attackers can cause a denial of service by\n sending an Acorn Universal Networking packet over UDP.\n\n - CVE-2010-4346\n Tavis Ormandy discovered an issue in the\n install_special_mapping routine which allows local users\n to bypass the mmap_min_addr security restriction.\n Combined with an otherwise low severity local denial of\n service vulnerability (NULL pointer dereference), a\n local user could obtain elevated privileges.\n\n - CVE-2010-4526\n Eugene Teo reported a race condition in the Linux SCTP\n implementation. Remote users can cause a denial of\n service (kernel memory corruption) by transmitting an\n ICMP unreachable message to a locked socket.\n\n - CVE-2010-4527\n Dan Rosenberg reported two issues in the OSS soundcard\n driver. Local users with access to the device (members\n of group 'audio' on default Debian installations) may\n access to sensitive kernel memory or cause a buffer\n overflow, potentially leading to an escalation of\n privileges.\n\n - CVE-2010-4529\n Dan Rosenberg reported an issue in the Linux kernel IrDA\n socket implementation on non-x86 architectures. Local\n users may be able to gain access to sensitive kernel\n memory via a specially crafted IRLMP_ENUMDEVICES\n getsockopt call.\n\n - CVE-2010-4565\n Dan Rosenberg reported an issue in the Linux CAN\n protocol implementation. Local users can obtain the\n address of a kernel heap object which might help\n facilitate system exploitation.\n\n - CVE-2010-4649\n Dan Carpenter reported an issue in the uverb handling of\n the InfiniBand subsystem. 
A potential buffer overflow\n may allow local users to cause a denial of service\n (memory corruption) by passing in a large cmd.ne value.\n\n - CVE-2010-4656\n Kees Cook reported an issue in the driver for\n I/O-Warrior USB devices. Local users with access to\n these devices may be able to overrun kernel buffers,\n resulting in a denial of service or privilege\n escalation.\n\n - CVE-2010-4668\n Dan Rosenberg reported an issue in the block subsystem.\n A local user can cause a denial of service (kernel\n panic) by submitting certain 0-length I/O requests.\n\n - CVE-2011-0521\n Dan Carpenter reported an issue in the DVB driver for\n AV7110 cards. Local users can pass a negative info->num\n value, corrupting kernel memory and causing a denial of\n service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2010-4258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2153\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny2.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 5.0 (lenny) \n user-mode-linux 2.6.26-1um-2+26lenny2 \nNote that these updates will not become active until after your system\nis rebooted.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"linux-base\", reference:\"2.6.26-26lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:40:16", "description": "The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to\n2.6.32.29 and fixes various bugs and security issues.\n\n - The ax25_getname function in net/ax25/af_ax25.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory by\n reading a copy of this structure. (CVE-2010-3875)\n\n - net/packet/af_packet.c in the Linux kernel did not\n properly initialize certain structure members, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by leveraging the\n CAP_NET_RAW capability to read copies of the applicable\n structures. (CVE-2010-3876)\n\n - The get_name function in net/tipc/socket.c in the Linux\n kernel did not initialize a certain structure, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by reading a copy\n of this structure. 
(CVE-2010-3877)\n\n - The sctp_auth_asoc_get_hmac function in net/sctp/auth.c\n in the Linux kernel did not properly validate the\n hmac_ids array of an SCTP peer, which allowed remote\n attackers to cause a denial of service (memory\n corruption and panic) via a crafted value in the last\n element of this array. (CVE-2010-3705)\n\n - A stack memory information leak in the xfs FSGEOMETRY_V1\n ioctl was fixed. (CVE-2011-0711)\n\n - Multiple buffer overflows in the caiaq Native\n Instruments USB audio functionality in the Linux kernel\n might have allowed attackers to cause a denial of\n service or possibly have unspecified other impact via a\n long USB device name, related to (1) the\n snd_usb_caiaq_audio_init function in\n sound/usb/caiaq/audio.c and (2) the\n snd_usb_caiaq_midi_init function in\n sound/usb/caiaq/midi.c. (CVE-2011-0712)\n\n - The task_show_regs function in arch/s390/kernel/traps.c\n in the Linux kernel on the s390 platform allowed local\n users to obtain the values of the registers of an\n arbitrary process by reading a status file under /proc/.\n (CVE-2011-0710)\n\n - The xfs implementation in the Linux kernel did not look\n up inode allocation btrees before reading inode buffers,\n which allowed remote authenticated users to read\n unlinked files, or read or overwrite disk blocks that\n are currently assigned to an active file but were\n previously assigned to an unlinked file, by accessing a\n stale NFS filehandle. (CVE-2010-2943)\n\n - The uart_get_count function in\n drivers/serial/serial_core.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. 
(CVE-2010-4075)\n\n - The rs_ioctl function in drivers/char/amiserial.c in the\n Linux kernel did not properly initialize a certain\n structure member, which allowed local users to obtain\n potentially sensitive information from kernel stack\n memory via a TIOCGICOUNT ioctl call. (CVE-2010-4076)\n\n - The ntty_ioctl_tiocgicount function in\n drivers/char/nozomi.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4077)\n\n - fs/exec.c in the Linux kernel did not enable the OOM\n Killer to assess use of stack memory by arrays\n representing the (1) arguments and (2) environment,\n which allows local users to cause a denial of service\n (memory consumption) via a crafted exec system call, aka\n an OOM dodging issue, a related issue to CVE-2010-3858.\n (CVE-2010-4243)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel allowed local users to cause a denial\n of service (panic) via a zero-length I/O request in a\n device ioctl to a SCSI device, related to an unaligned\n map. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2010-4163. (CVE-2010-4668)\n\n - Integer underflow in the irda_getsockopt function in\n net/irda/af_irda.c in the Linux kernel on platforms\n other than x86 allowed local users to obtain potentially\n sensitive information from kernel heap memory via an\n IRLMP_ENUMDEVICES getsockopt call. (CVE-2010-4529)\n\n - The aun_incoming function in net/econet/af_econet.c in\n the Linux kernel, when Econet is enabled, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and OOPS) by sending an Acorn Universal\n Networking (AUN) packet over UDP. 
(CVE-2010-4342)\n\n - The backend driver in Xen 3.x allowed guest OS users to\n cause a denial of service via a kernel thread leak,\n which prevented the device and guest OS from being shut\n down or created a zombie domain, causing a hang in\n xenwatch, or preventing unspecified xm commands from\n working properly, related to (1) netback, (2) blkback,\n or (3) blktap. (CVE-2010-3699)\n\n - The install_special_mapping function in mm/mmap.c in the\n Linux kernel did not make an expected security_file_mmap\n function call, which allows local users to bypass\n intended mmap_min_addr restrictions and possibly conduct\n NULL pointer dereference attacks via a crafted\n assembly-language application. (CVE-2010-4346)\n\n - Fixed a verify_ioctl overflow in 'cuse' in the fuse\n filesystem. The code should only be called by root users\n though. (CVE-2010-4650)\n\n - Race condition in the sctp_icmp_proto_unreachable\n function in net/sctp/input.c in the Linux kernel allowed\n remote attackers to cause a denial of service (panic)\n via an ICMP unreachable message to a socket that is\n already locked by a user, which causes the socket to be\n freed and triggers list corruption, related to the\n sctp_wait_for_connect function. (CVE-2010-4526)\n\n - The load_mixer_volumes function in sound/oss/soundcard.c\n in the OSS sound subsystem in the Linux kernel\n incorrectly expected that a certain name field ends with\n a '\\0' (NUL) character, which allowed local users to conduct\n buffer overflow attacks and gain privileges, or possibly\n obtain sensitive information from kernel memory, via a\n SOUND_MIXER_SETLEVELS ioctl call. (CVE-2010-4527)\n\n - Fixed an LSM bug in IMA (Integrity Measuring\n Architecture). IMA is not enabled in SUSE kernels, so we\n were not affected. 
(CVE-2011-0006)", "edition": 24, "published": "2011-03-09T00:00:00", "title": "SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4039 / 4042 / 4043)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-2943", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2011-0006", "CVE-2010-4526", "CVE-2011-0711", "CVE-2010-4650", "CVE-2011-0710", "CVE-2011-0712", "CVE-2010-3705", "CVE-2010-4243", "CVE-2010-4342", "CVE-2010-3858", "CVE-2010-3699", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4076"], "modified": "2011-03-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default", 
"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default"], "id": "SUSE_11_KERNEL-110228.NASL", "href": "https://www.tenable.com/plugins/nessus/52597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52597);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-2943\", \"CVE-2010-3699\", \"CVE-2010-3705\", \"CVE-2010-3858\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-4075\", \"CVE-2010-4076\", \"CVE-2010-4077\", \"CVE-2010-4163\", \"CVE-2010-4243\", \"CVE-2010-4342\", \"CVE-2010-4346\", \"CVE-2010-4526\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4650\", \"CVE-2010-4668\", \"CVE-2011-0006\", \"CVE-2011-0710\", \"CVE-2011-0711\", \"CVE-2011-0712\");\n\n script_name(english:\"SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4039 / 4042 / 4043)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to\n2.6.32.29 and fixes various bugs and security issues.\n\n - The ax25_getname function in net/ax25/af_ax25.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory by\n reading a copy of this structure. 
(CVE-2010-3875)\n\n - net/packet/af_packet.c in the Linux kernel did not\n properly initialize certain structure members, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by leveraging the\n CAP_NET_RAW capability to read copies of the applicable\n structures. (CVE-2010-3876)\n\n - The get_name function in net/tipc/socket.c in the Linux\n kernel did not initialize a certain structure, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory by reading a copy\n of this structure. (CVE-2010-3877)\n\n - The sctp_auth_asoc_get_hmac function in net/sctp/auth.c\n in the Linux kernel did not properly validate the\n hmac_ids array of an SCTP peer, which allowed remote\n attackers to cause a denial of service (memory\n corruption and panic) via a crafted value in the last\n element of this array. (CVE-2010-3705)\n\n - A stack memory information leak in the xfs FSGEOMETRY_V1\n ioctl was fixed. (CVE-2011-0711)\n\n - Multiple buffer overflows in the caiaq Native\n Instruments USB audio functionality in the Linux kernel\n might have allowed attackers to cause a denial of\n service or possibly have unspecified other impact via a\n long USB device name, related to (1) the\n snd_usb_caiaq_audio_init function in\n sound/usb/caiaq/audio.c and (2) the\n snd_usb_caiaq_midi_init function in\n sound/usb/caiaq/midi.c. 
(CVE-2011-0712)\n\n - The task_show_regs function in arch/s390/kernel/traps.c\n in the Linux kernel on the s390 platform allowed local\n users to obtain the values of the registers of an\n arbitrary process by reading a status file under /proc/.\n (CVE-2011-0710)\n\n - The xfs implementation in the Linux kernel did not look\n up inode allocation btrees before reading inode buffers,\n which allowed remote authenticated users to read\n unlinked files, or read or overwrite disk blocks that\n are currently assigned to an active file but were\n previously assigned to an unlinked file, by accessing a\n stale NFS filehandle. (CVE-2010-2943)\n\n - The uart_get_count function in\n drivers/serial/serial_core.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. (CVE-2010-4075)\n\n - The rs_ioctl function in drivers/char/amiserial.c in the\n Linux kernel did not properly initialize a certain\n structure member, which allowed local users to obtain\n potentially sensitive information from kernel stack\n memory via a TIOCGICOUNT ioctl call. (CVE-2010-4076)\n\n - The ntty_ioctl_tiocgicount function in\n drivers/char/nozomi.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call. 
(CVE-2010-4077)\n\n - fs/exec.c in the Linux kernel did not enable the OOM\n Killer to assess use of stack memory by arrays\n representing the (1) arguments and (2) environment,\n which allows local users to cause a denial of service\n (memory consumption) via a crafted exec system call, aka\n an OOM dodging issue, a related issue to CVE-2010-3858.\n (CVE-2010-4243)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel allowed local users to cause a denial\n of service (panic) via a zero-length I/O request in a\n device ioctl to a SCSI device, related to an unaligned\n map. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2010-4163. (CVE-2010-4668)\n\n - Integer underflow in the irda_getsockopt function in\n net/irda/af_irda.c in the Linux kernel on platforms\n other than x86 allowed local users to obtain potentially\n sensitive information from kernel heap memory via an\n IRLMP_ENUMDEVICES getsockopt call. (CVE-2010-4529)\n\n - The aun_incoming function in net/econet/af_econet.c in\n the Linux kernel, when Econet is enabled, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and OOPS) by sending an Acorn Universal\n Networking (AUN) packet over UDP. (CVE-2010-4342)\n\n - The backend driver in Xen 3.x allowed guest OS users to\n cause a denial of service via a kernel thread leak,\n which prevented the device and guest OS from being shut\n down or created a zombie domain, causing a hang in\n xenwatch, or preventing unspecified xm commands from\n working properly, related to (1) netback, (2) blkback,\n or (3) blktap. (CVE-2010-3699)\n\n - The install_special_mapping function in mm/mmap.c in the\n Linux kernel did not make an expected security_file_mmap\n function call, which allows local users to bypass\n intended mmap_min_addr restrictions and possibly conduct\n NULL pointer dereference attacks via a crafted\n assembly-language application. 
(CVE-2010-4346)\n\n - Fixed a verify_ioctl overflow in 'cuse' in the fuse\n filesystem. The code should only be called by root users\n though. (CVE-2010-4650)\n\n - Race condition in the sctp_icmp_proto_unreachable\n function in net/sctp/input.c in the Linux kernel allowed\n remote attackers to cause a denial of service (panic)\n via an ICMP unreachable message to a socket that is\n already locked by a user, which causes the socket to be\n freed and triggers list corruption, related to the\n sctp_wait_for_connect function. (CVE-2010-4526)\n\n - The load_mixer_volumes function in sound/oss/soundcard.c\n in the OSS sound subsystem in the Linux kernel\n incorrectly expected that a certain name field ends with\n a '\\0' character, which allowed local users to conduct\n buffer overflow attacks and gain privileges, or possibly\n obtain sensitive information from kernel memory, via a\n SOUND_MIXER_SETLEVELS ioctl call. (CVE-2010-4527)\n\n - Fixed a LSM bug in IMA (Integrity Measuring\n Architecture). IMA is not enabled in SUSE kernels, so we\n were not affected. 
(CVE-2011-0006)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=466279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=602969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=620929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=623393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=625965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=630970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=632317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=633026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=636435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=638258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=640850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=643266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=648647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=648701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=648916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658037\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=660546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=661605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=661945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662335\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=662945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=663537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=663582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=663706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=664149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=664463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=665480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=665499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=665524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=665663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=666012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=666893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=672292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=672492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=672499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=672524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2943.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3699.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3705.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3858.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3877.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4529.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4650.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4668.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0710.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0711.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0712.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 4039 / 4042 / 4043 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-default-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, 
cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.29_0.3-0.10.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.29_0.3-0.10.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-extra-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-desktop-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-extra-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-extra-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-default-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.29_0.3-0.10.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-extra-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-desktop-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-extra-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"btrfs-kmp-default-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ext4dev-kmp-default-0_2.6.32.29_0.3-7.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-devel-2.6.32.29-0.3.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-source-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-syms-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.32.29_0.3-7.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-xen-0_2.6.32.29_0.3-7.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.29_0.3-0.10.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.29_0.3-0.10.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, 
cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-default-man-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.29_0.3-0.3.34\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.32.29_0.3-7.9.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.29_0.3-0.10.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.29-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.29-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:35:28", "description": "Thomas Pollet discovered that the RDS network protocol did not check\ncertain iovec buffers. A local attacker could exploit this to crash\nthe system or possibly execute arbitrary code as the root user.\n(CVE-2010-3865)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did\nnot correctly calculate the size of certain buffers. A local attacker\ncould exploit this to crash the system or possibly execute arbitrary\ncode as the root user. (CVE-2010-3874)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation\ndid not correctly clear kernel memory. 
A local attacker could exploit\nthis to read kernel stack memory, leading to a loss of privacy.\n(CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets\nimplementation did not properly initialize certain structures. A\nlocal attacker could exploit this to read kernel stack memory,\nleading to a loss of privacy. (CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly\ninitialize certain structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation\ndid not properly audit certain bytecodes in netlink messages. A local\nattacker could exploit this to cause the kernel to hang, leading to a\ndenial of service. (CVE-2010-3880)\n\nDan Rosenberg discovered that the RME Hammerfall DSP audio interface\ndriver did not correctly clear kernel memory. A local attacker could\nexploit this to read kernel stack memory, leading to a loss of\nprivacy. (CVE-2010-4080, CVE-2010-4081)\n\nDan Rosenberg discovered that the VIA video driver did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4082)\n\nDan Rosenberg discovered that the semctl syscall did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4083)\n\nJames Bottomley discovered that the ICP vortex storage array\ncontroller driver did not validate certain sizes. A local attacker on\na 64bit system could exploit this to crash the kernel, leading to a\ndenial of service. (CVE-2010-4157)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities\nparsing. 
If a system was using X.25, a remote attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2010-4164)\n\nIt was discovered that multithreaded exec did not handle CPU timers\ncorrectly. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-4248)\n\nNelson Elhage discovered that the kernel did not correctly handle\nprocess cleanup after triggering a recoverable kernel bug. If a local\nattacker were able to trigger certain kinds of kernel bugs, they\ncould create a specially crafted process to gain root privileges.\n(CVE-2010-4258)\n\nNelson Elhage discovered that Econet did not correctly handle AUN\npackets over UDP. A local attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service.\n(CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function\ncould bypass the mmap_min_addr restriction. A local attacker could\nexploit this to mmap 4096 bytes below the mmap_min_addr area,\npossibly improving the chances of performing NULL pointer dereference\nattacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name\ntermination correctly. A local attacker could exploit this to crash the\nsystem or gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size\nof buffers. On non-x86 systems, a local attacker could exploit this\nto read kernel heap memory, leading to a loss of privacy.\n(CVE-2010-4529)\n\nDan Rosenberg discovered that the CAN subsystem leaked kernel\naddresses into the /proc filesystem. A local attacker could use this\nto increase the chances of a successful memory corruption exploit.\n(CVE-2010-4565)\n\nKees Cook discovered that some ethtool functions did not correctly\nclear heap memory. A local attacker with CAP_NET_ADMIN privileges\ncould exploit this to read portions of kernel heap memory, leading to\na loss of privacy. 
(CVE-2010-4655)\n\nKees Cook discovered that the IOWarrior USB device driver did not\ncorrectly check certain size fields. A local attacker with physical\naccess could plug in a specially crafted USB device to crash the\nsystem or potentially gain root privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not\ncorrectly clear memory when writing certain file holes. A local\nattacker could exploit this to read uninitialized data from the disk,\nleading to a loss of privacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race\ncondition. On systems using InfiniBand, a local attacker could send\nspecially crafted requests to crash the system, leading to a denial\nof service. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize\nmemory. A local attacker could make crafted ioctl calls to leak\nportions of kernel stack memory, leading to a loss of privacy.\n(CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments\nUSB driver did not correctly validate string lengths. A local\nattacker with physical access could plug in a specially crafted USB\ndevice to crash the system or potentially gain root privileges.\n(CVE-2011-0712)\n\nTimo Warns discovered that the LDM disk partition handling code did\nnot correctly handle certain values. By inserting a specially crafted\ndisk device, a local attacker could exploit this to gain root\nprivileges. (CVE-2011-1017)\n\nJulien Tinnes discovered that the kernel did not correctly validate\nthe signal structure from tkill(). 
A local attacker could exploit\nthis to send signals to arbitrary threads, possibly bypassing\nexpected restrictions. (CVE-2011-1182)\n\nDan Rosenberg discovered that MPT devices did not correctly validate\ncertain values in ioctl calls. If these drivers were loaded, a local\nattacker could exploit this to read arbitrary kernel memory, leading\nto a loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly\nhandle large requests. A local attacker could exploit this to crash\nthe system, leading to a denial of service. (CVE-2011-1593)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain\nioctl values. A local attacker with access to the video subsystem\ncould exploit this to crash the system, leading to a denial of\nservice, or possibly gain root privileges. (CVE-2011-1745,\nCVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size\nof certain memory allocations. A local attacker with access to the\nvideo subsystem could exploit this to run the system out of memory,\nleading to a denial of service. (CVE-2011-1746, CVE-2011-1747)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver\ndid not correctly validate certain socket structures. If this driver\nwas loaded, a local attacker could crash the system, leading to a\ndenial of service. 
(CVE-2011-1748)", "edition": 23, "published": "2011-07-07T00:00:00", "title": "USN-1164-1 : linux-fsl-imx51 vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4529", "CVE-2010-4346", "CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4527", "CVE-2010-4083", "CVE-2010-4082", "CVE-2011-1494", "CVE-2010-4080", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-4656", "CVE-2010-3876", "CVE-2011-0463", "CVE-2011-0711", "CVE-2011-2022", "CVE-2010-4258", "CVE-2011-0712", "CVE-2011-1747", "CVE-2010-4248", "CVE-2011-1495", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4342", "CVE-2011-1593", "CVE-2011-1748", "CVE-2010-4164", "CVE-2011-1745", "CVE-2011-1182", "CVE-2010-4565", "CVE-2010-4655"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1164-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55530", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1164-1. 
It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55530);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2010-3865\", \"CVE-2010-3874\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-3880\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4164\", \"CVE-2010-4248\", \"CVE-2010-4258\", \"CVE-2010-4342\", \"CVE-2010-4346\", \"CVE-2010-4527\", \"CVE-2010-4529\", \"CVE-2010-4565\", \"CVE-2010-4655\", \"CVE-2010-4656\", \"CVE-2011-0463\", \"CVE-2011-0521\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-1017\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1747\", \"CVE-2011-1748\", \"CVE-2011-2022\");\n script_xref(name:\"USN\", value:\"1164-1\");\n\n script_name(english:\"USN-1164-1 : linux-fsl-imx51 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Thomas Pollet discovered that the RDS network protocol did not check\ncertain iovec buffers. A local attacker could exploit this to crash\nthe system or possibly execute arbitrary code as the root user.\n(CVE-2010-3865)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did\nnot correctly calculate the size of certain buffers. A local attacker\ncould exploit this to crash the system or possibly execute arbitrary\ncode as the root user. 
(CVE-2010-3874)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation\ndid not correctly clear kernel memory. A local attacker could exploit\nthis to read kernel stack memory, leading to a loss of privacy.\n(CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets\nimplementation did not properly initialize certain structures. A\nlocal attacker could exploit this to read kernel stack memory,\nleading to a loss of privacy. (CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly\ninitialize certain structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation\ndid not properly audit certain bytecodes in netlink messages. A local\nattacker could exploit this to cause the kernel to hang, leading to a\ndenial of service. (CVE-2010-3880)\n\nDan Rosenberg discovered that the RME Hammerfall DSP audio interface\ndriver did not correctly clear kernel memory. A local attacker could\nexploit this to read kernel stack memory, leading to a loss of\nprivacy. (CVE-2010-4080, CVE-2010-4081)\n\nDan Rosenberg discovered that the VIA video driver did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4082)\n\nDan Rosenberg discovered that the semctl syscall did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4083)\n\nJames Bottomley discovered that the ICP vortex storage array\ncontroller driver did not validate certain sizes. A local attacker on\na 64bit system could exploit this to crash the kernel, leading to a\ndenial of service. (CVE-2010-4157)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities\nparsing. 
If a system was using X.25, a remote attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2010-4164)\n\nIt was discovered that multithreaded exec did not handle CPU timers\ncorrectly. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-4248)\n\nNelson Elhage discovered that the kernel did not correctly handle\nprocess cleanup after triggering a recoverable kernel bug. If a local\nattacker were able to trigger certain kinds of kernel bugs, they\ncould create a specially crafted process to gain root privileges.\n(CVE-2010-4258)\n\nNelson Elhage discovered that Econet did not correctly handle AUN\npackets over UDP. A local attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service.\n(CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function\ncould bypass the mmap_min_addr restriction. A local attacker could\nexploit this to mmap 4096 bytes below the mmap_min_addr area,\npossibly improving the chances of performing NULL pointer dereference\nattacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name\ntermination correctly. A local attacker could exploit this crash the\nsystem or gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size\nof buffers. On non-x86 systems, a local attacker could exploit this\nto read kernel heap memory, leading to a loss of privacy.\n(CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel\naddresses into the /proc filesystem. A local attacker could use this\nto increase the chances of a successful memory corruption exploit.\n(CVE-2010-4565)\n\nKees Cook discovered that some ethtool functions did not correctly\nclear heap memory. A local attacker with CAP_NET_ADMIN privileges\ncould exploit this to read portions of kernel heap memory, leading to\na loss of privacy. 
(CVE-2010-4655)\n\nKees Cook discovered that the IOWarrior USB device driver did not\ncorrectly check certain size fields. A local attacker with physical\naccess could plug in a specially crafted USB device to crash the\nsystem or potentially gain root privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not\ncorrectly clear memory when writing certain file holes. A local\nattacker could exploit this to read uninitialized data from the disk,\nleading to a loss of privacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check\ncertain values during an ioctl. If the dvb-ttpci module was loaded, a\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race\ncondition. On systems using InfiniBand, a local attacker could send\nspecially crafted requests to crash the system, leading to a denial\nof service. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize\nmemory. A local attacker could make crafted ioctl calls to leak\nportions of kernel stack memory, leading to a loss of privacy.\n(CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments\nUSB driver did not correctly validate string lengths. A local\nattacker with physical access could plug in a specially crafted USB\ndevice to crash the system or potentially gain root privileges.\n(CVE-2011-0712)\n\nTimo Warns discovered that the LDM disk partition handling code did\nnot correctly handle certain values. By inserting a specially crafted\ndisk device, a local attacker could exploit this to gain root\nprivileges. (CVE-2011-1017)\n\nJulien Tinnes discovered that the kernel did not correctly validate\nthe signal structure from tkill(). 
A local attacker could exploit\nthis to send signals to arbitrary threads, possibly bypassing\nexpected restrictions. (CVE-2011-1182)\n\nDan Rosenberg discovered that MPT devices did not correctly validate\ncertain values in ioctl calls. If these drivers were loaded, a local\nattacker could exploit this to read arbitrary kernel memory, leading\nto a loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly\nhandle large requests. A local attacker could exploit this to crash\nthe system, leading to a denial of service. (CVE-2011-1593)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain\nioctl values. A local attacker with access to the video subsystem\ncould exploit this to crash the system, leading to a denial of\nservice, or possibly gain root privileges. (CVE-2011-1745,\nCVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size\nof certain memory allocations. A local attacker with access to the\nvideo subsystem could exploit this to run the system out of memory,\nleading to a denial of service. (CVE-2011-1746, CVE-2011-1747)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver\ndid not correctly validate certain socket structures. If this driver\nwas loaded, a local attacker could crash the system, leading to a\ndenial of service. 
(CVE-2011-1748)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1164-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2011/07/07\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. 
/ NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.31-609-imx51\", pkgver:\"2.6.31-609.26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:34:44", "description": "Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.", "edition": 6, "cvss3": {}, "published": "2011-01-13T19:00:00", "title": "CVE-2010-4529", "type": "cve", "cwe": ["CWE-191"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4529"], "modified": "2020-08-07T19:27:00", "cpe": [], "id": "CVE-2010-4529", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4529", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T19:34:44", "description": "The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.", "edition": 6, "cvss3": {}, "published": "2011-01-13T19:00:00", "title": "CVE-2010-4527", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4527"], "modified": "2020-08-10T13:17:00", "cpe": [], "id": "CVE-2010-4527", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4527", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:34:44", "description": "The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.", "edition": 6, "cvss3": {}, "published": "2010-12-30T19:00:00", "title": "CVE-2010-4342", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4342"], "modified": "2020-08-11T14:33:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.37", "cpe:/o:suse:linux_enterprise_server:9"], "id": "CVE-2010-4342", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4342", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.37:rc4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:04", "description": "The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.", "edition": 6, "cvss3": {}, "published": "2011-02-02T23:00:00", "title": "CVE-2011-0521", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", 
"accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0521"], "modified": "2020-08-12T14:39:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.38"], "id": "CVE-2011-0521", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0521", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.38:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:04", "description": "The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.", "edition": 6, "cvss3": {}, "published": "2011-03-01T23:00:00", "title": "CVE-2011-0711", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0711"], "modified": "2020-08-07T14:48:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:linux:linux_kernel:2.6.38", "cpe:/o:redhat:enterprise_linux_server_aus:5.6", "cpe:/o:redhat:enterprise_linux_server_eus:5.6", "cpe:/o:redhat:enterprise_linux_server:5.0"], "id": "CVE-2011-0711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0711", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": 
["cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-08-13T19:51:11", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2010-4527", "CVE-2010-4342"], "description": "Nelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. A local attacker could exploit this crash the system \nor gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. 
(CVE-2011-0521)", "edition": 6, "modified": "2011-05-24T00:00:00", "published": "2011-05-24T00:00:00", "id": "USN-1133-1", "href": "https://ubuntu.com/security/notices/USN-1133-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:27:28", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2010-4527", "CVE-2010-4258", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-4164"], "description": "Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If \na system was using X.25, a remote attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4164)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)\n\nNelson Elhage discovered that the kernel did not correctly handle process \ncleanup after triggering a recoverable kernel bug. If a local attacker were \nable to trigger certain kinds of kernel bugs, they could create a specially \ncrafted process to gain root privileges. (CVE-2010-4258)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. A local attacker could exploit this to crash the system \nor gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. 
(CVE-2010-4529)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)", "edition": 5, "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "USN-1111-1", "href": "https://ubuntu.com/security/notices/USN-1111-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-08T23:29:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4529", "CVE-2010-4346", "CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4527", "CVE-2010-4083", "CVE-2010-4082", "CVE-2011-1494", "CVE-2010-4080", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-4656", "CVE-2010-3876", "CVE-2011-0463", "CVE-2011-0711", "CVE-2011-2022", "CVE-2010-4258", "CVE-2011-0712", "CVE-2010-4248", "CVE-2011-1495", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4342", "CVE-2011-1593", "CVE-2011-1748", "CVE-2010-4164", "CVE-2010-3873", "CVE-2011-1745", "CVE-2011-1182", "CVE-2010-4565", "CVE-2010-4655"], "description": "Thomas Pollet discovered that the RDS network protocol did not check \ncertain iovec buffers. A local attacker could exploit this to crash the \nsystem or possibly execute arbitrary code as the root user. 
(CVE-2010-3865)\n\nDan Rosenberg discovered that the Linux kernel X.25 implementation \nincorrectly parsed facilities. A remote attacker could exploit this to \ncrash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did not \ncorrectly calculate the size of certain buffers. A local attacker could \nexploit this to crash the system or possibly execute arbitrary code as the \nroot user. (CVE-2010-3874)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation did \nnot correctly clear kernel memory. A local attacker could exploit this to \nread kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets implementation did \nnot properly initialize certain structures. A local attacker could exploit \nthis to read kernel stack memory, leading to a loss of privacy. \n(CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation did not \nproperly audit certain bytecodes in netlink messages. A local attacker \ncould exploit this to cause the kernel to hang, leading to a denial of \nservice. (CVE-2010-3880)\n\nDan Rosenberg discovered that the RME Hammerfall DSP audio interface driver \ndid not correctly clear kernel memory. A local attacker could exploit this \nto read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, \nCVE-2010-4081)\n\nDan Rosenberg discovered that the VIA video driver did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4082)\n\nDan Rosenberg discovered that the semctl syscall did not correctly clear \nkernel memory. 
A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4083)\n\nJames Bottomley discovered that the ICP vortex storage array controller \ndriver did not validate certain sizes. A local attacker on a 64bit system \ncould exploit this to crash the kernel, leading to a denial of service. \n(CVE-2010-4157)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If \na system was using X.25, a remote attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4164)\n\nIt was discovered that multithreaded exec did not handle CPU timers \ncorrectly. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-4248)\n\nNelson Elhage discovered that the kernel did not correctly handle process \ncleanup after triggering a recoverable kernel bug. If a local attacker were \nable to trigger certain kinds of kernel bugs, they could create a specially \ncrafted process to gain root privileges. (CVE-2010-4258)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function could \nbypass the mmap_min_addr restriction. A local attacker could exploit this \nto mmap 4096 bytes below the mmap_min_addr area, possibly improving the \nchances of performing NULL pointer dereference attacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. A local attacker could exploit this to crash the system \nor gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. 
(CVE-2010-4529)\n\nDan Rosenberg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nKees Cook discovered that some ethtool functions did not correctly clear \nheap memory. A local attacker with CAP_NET_ADMIN privileges could exploit \nthis to read portions of kernel heap memory, leading to a loss of privacy. \n(CVE-2010-4655)\n\nKees Cook discovered that the IOWarrior USB device driver did not correctly \ncheck certain size fields. A local attacker with physical access could plug \nin a specially crafted USB device to crash the system or potentially gain \nroot privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB \ndriver did not correctly validate string lengths. 
A local attacker with \nphysical access could plug in a specially crafted USB device to crash the \nsystem or potentially gain root privileges. (CVE-2011-0712)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg discovered that MPT devices did not correctly validate \ncertain values in ioctl calls. If these drivers were loaded, a local \nattacker could exploit this to read arbitrary kernel memory, leading to a \nloss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle \nlarge requests. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1593)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl \nvalues. A local attacker with access to the video subsystem could exploit \nthis to crash the system, leading to a denial of service, or possibly gain \nroot privileges. (CVE-2011-1745, CVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size of \ncertain memory allocations. A local attacker with access to the video \nsubsystem could exploit this to run the system out of memory, leading to a \ndenial of service. (CVE-2011-1746)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did \nnot correctly validate certain socket structures. If this driver was \nloaded, a local attacker could crash the system, leading to a denial of \nservice. 
(CVE-2011-1748)", "edition": 5, "modified": "2011-07-06T00:00:00", "published": "2011-07-06T00:00:00", "id": "USN-1164-1", "href": "https://ubuntu.com/security/notices/USN-1164-1", "title": "Linux kernel vulnerabilities (i.MX51)", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-08T14:07:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-1476", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1573", "CVE-2011-1173", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-4611", "CVE-2011-0711", "CVE-2010-4263", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-4913", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565", "CVE-2011-1080"], "description": "Brad Spengler discovered that the kernel did not correctly account for \nuserspace memory allocations during exec() calls. A local attacker could \nexploit this to consume all system memory, leading to a denial of service. \n(CVE-2010-4243)\n\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did not \ncorrectly handle certain configurations. If such a device was configured \nwithout VLANs, a remote attacker could crash the system, leading to a \ndenial of service. (CVE-2010-4263)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. 
(CVE-2010-4529)\n\nDan Rosenberg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nKees Cook discovered that the IOWarrior USB device driver did not correctly \ncheck certain size fields. A local attacker with physical access could plug \nin a specially crafted USB device to crash the system or potentially gain \nroot privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB \ndriver did not correctly validate string lengths. A local attacker with \nphysical access could plug in a specially crafted USB device to crash the \nsystem or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter certain \nmemory locations. 
A local attacker could determine the memory layout of \nprocesses in an attempt to increase the chances of a successful memory \ncorruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system or potentially gain \nroot privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system, leading to a denial \nof service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not correctly \nhandle a signed comparison. A local attacker could exploit this to crash \nthe system or possibly gain root privileges. (CVE-2011-1013)\n\nMarek Ol\u0161\u00e1k discovered that the Radeon GPU drivers did not correctly \nvalidate certain registers. On systems with specific hardware, a local \nattacker could exploit this to write to arbitrary video memory. \n(CVE-2011-1016)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not \nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN \ncapability could load existing kernel modules, possibly increasing the \nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. 
\n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly handle \ncertain structures. A local attacker could create malicious requests that \nwould hang the system, leading to a denial of service. (CVE-2011-1082)\n\nJohan Hovold discovered that the DCCP network stack did not correctly \nhandle certain packet combinations. A remote attacker could send specially \ncrafted network traffic that would crash the system, leading to a denial of \nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. 
\n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) \nimplementation incorrectly calculated lengths. If the net.sctp.addip_enable \nvariable was turned on, a remote attacker could send specially crafted \ntraffic to crash the system. (CVE-2011-1573)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events may \nraise a performance monitor exception. A local attacker could exploit this \nto crash the system, leading to a denial of service. (CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. 
(CVE-2011-4913)", "edition": 6, "modified": "2011-06-01T00:00:00", "published": "2011-06-01T00:00:00", "id": "USN-1141-1", "href": "https://ubuntu.com/security/notices/USN-1141-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3904", "CVE-2010-3865", "CVE-2010-4529", "CVE-2010-4165", "CVE-2010-2960", "CVE-2010-4072", "CVE-2010-3881", "CVE-2010-4346", "CVE-2010-2955", "CVE-2010-3437", "CVE-2010-4527", "CVE-2010-2963", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-4158", "CVE-2010-3876", "CVE-2010-3850", "CVE-2010-4258", "CVE-2010-3705", "CVE-2010-3848", "CVE-2010-2954", "CVE-2010-4079", "CVE-2010-4249", "CVE-2010-3081", "CVE-2010-4342", "CVE-2010-4164", "CVE-2010-2962", "CVE-2010-3080", "CVE-2010-3849", "CVE-2010-3079", "CVE-2010-3861"], "description": "Dan Rosenberg discovered that the RDS network protocol did not correctly \ncheck certain parameters. A local attacker could exploit this to gain root \nprivileges. (CVE-2010-3904)\n\nNelson Elhage discovered several problems with the Acorn Econet protocol \ndriver. A local user could cause a denial of service via a NULL pointer \ndereference, escalate privileges by overflowing the kernel stack, and \nassign Econet addresses to arbitrary interfaces. (CVE-2010-3848, \nCVE-2010-3849, CVE-2010-3850)\n\nBen Hawkes discovered that the Linux kernel did not correctly validate \nmemory ranges on 64bit kernels when allocating memory on behalf of 32bit \nsystem calls. On a 64bit system, a local attacker could perform malicious \nmulticast getsockopt calls to gain root privileges. (CVE-2010-3081)\n\nTavis Ormandy discovered that the IRDA subsystem did not correctly shut \ndown. A local attacker could exploit this to cause the system to crash or \npossibly gain root privileges. 
(CVE-2010-2954)\n\nBrad Spengler discovered that the wireless extensions did not correctly \nvalidate certain request sizes. A local attacker could exploit this to read \nportions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)\n\nTavis Ormandy discovered that the session keyring did not correctly check \nfor its parent. On systems without a default session keyring, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice. (CVE-2010-2960)\n\nKees Cook discovered that the Intel i915 graphics driver did not correctly \nvalidate memory regions. A local attacker with access to the video card \ncould read and write arbitrary kernel memory to gain root privileges. \n(CVE-2010-2962)\n\nKees Cook discovered that the V4L1 32bit compat interface did not correctly \nvalidate certain parameters. A local attacker on a 64bit system with access \nto a video device could exploit this to gain root privileges. \n(CVE-2010-2963)\n\nRobert Swiecki discovered that ftrace did not correctly handle mutexes. A \nlocal attacker could exploit this to crash the kernel, leading to a denial \nof service. (CVE-2010-3079)\n\nTavis Ormandy discovered that the OSS sequencer device did not correctly \nshut down. A local attacker could exploit this to crash the system or \npossibly gain root privileges. (CVE-2010-3080)\n\nDan Rosenberg discovered that the CD driver did not correctly check \nparameters. A local attacker could exploit this to read arbitrary kernel \nmemory, leading to a loss of privacy. (CVE-2010-3437)\n\nDan Rosenberg discovered that SCTP did not correctly handle HMAC \ncalculations. A remote attacker could send specially crafted traffic that \nwould crash the system, leading to a denial of service. (CVE-2010-3705)\n\nKees Cook discovered that the ethtool interface did not correctly clear \nkernel memory. A local attacker could read kernel heap memory, leading to a \nloss of privacy. 
(CVE-2010-3861)\n\nThomas Pollet discovered that the RDS network protocol did not check \ncertain iovec buffers. A local attacker could exploit this to crash the \nsystem or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation did \nnot correctly clear kernel memory. A local attacker could exploit this to \nread kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets implementation did \nnot properly initialize certain structures. A local attacker could exploit \nthis to read kernel stack memory, leading to a loss of privacy. \n(CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\nVasiliy Kulikov discovered that kvm did not correctly clear memory. A local \nattacker could exploit this to read portions of the kernel stack, leading \nto a loss of privacy. (CVE-2010-3881)\n\nKees Cook and Vasiliy Kulikov discovered that the shm interface did not \nclear kernel memory correctly. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4072)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nDan Rosenberg discovered that the socket filters did not correctly \ninitialize structure memory. A local attacker could create malicious \nfilters to read portions of kernel stack memory, leading to a loss of \nprivacy. (CVE-2010-4158)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If \na system was using X.25, a remote attacker could exploit this to crash the \nsystem, leading to a denial of service. 
(CVE-2010-4164)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)\n\nNelson Elhage discovered that the kernel did not correctly handle process \ncleanup after triggering a recoverable kernel bug. If a local attacker were \nable to trigger certain kinds of kernel bugs, they could create a specially \ncrafted process to gain root privileges. (CVE-2010-4258)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function could \nbypass the mmap_min_addr restriction. A local attacker could exploit this \nto mmap 4096 bytes below the mmap_min_addr area, possibly improving the \nchances of performing NULL pointer dereference attacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. A local attacker could exploit this to crash the system \nor gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. 
(CVE-2010-4529)", "edition": 5, "modified": "2011-04-20T00:00:00", "published": "2011-04-20T00:00:00", "id": "USN-1119-1", "href": "https://ubuntu.com/security/notices/USN-1119-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:24:05", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3865", "CVE-2011-4621", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4083", "CVE-2010-4649", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2011-0006", "CVE-2010-3698", "CVE-2010-4650", "CVE-2011-1044", "CVE-2010-4248", "CVE-2010-4648", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-4250", "CVE-2010-4342"], "description": "It was discovered that KVM did not correctly initialize certain CPU \nregisters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-3698)\n\nThomas Pollet discovered that the RDS network protocol did not check \ncertain iovec buffers. A local attacker could exploit this to crash the \nsystem or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation did \nnot correctly clear kernel memory. A local attacker could exploit this to \nread kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets implementation did \nnot properly initialize certain structures. A local attacker could exploit \nthis to read kernel stack memory, leading to a loss of privacy. \n(CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation did not \nproperly audit certain bytecodes in netlink messages. 
A local attacker \ncould exploit this to cause the kernel to hang, leading to a denial of \nservice. (CVE-2010-3880)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nDan Rosenberg discovered that the semctl syscall did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4083)\n\nIt was discovered that multithreaded exec did not handle CPU timers \ncorrectly. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-4248)\n\nVegard Nossum discovered a leak in the kernel's inotify_init() system call. \nA local, unprivileged user could exploit this to cause a denial of service. \n(CVE-2010-4250)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function could \nbypass the mmap_min_addr restriction. A local attacker could exploit this \nto mmap 4096 bytes below the mmap_min_addr area, possibly improving the \nchances of performing NULL pointer dereference attacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. A local attacker could exploit this to crash the system \nor gain root privileges. (CVE-2010-4527)\n\nAn error was reported in the kernel's ORiNOCO wireless driver's handling of \nTKIP countermeasures. This reduces the amount of time an attacker needs to \nbreach a wireless network using WPA+TKIP for security. (CVE-2010-4648)\n\nDan Carpenter discovered that the Infiniband driver did not correctly \nhandle certain requests. 
A local user could exploit this to crash the \nsystem or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)\n\nAn error was discovered in the kernel's handling of CUSE (Character device \nin Userspace). A local attacker might exploit this flaw to escalate \nprivilege, if access to /dev/cuse has been modified to allow non-root \nusers. (CVE-2010-4650)\n\nA flaw was found in the kernel's Integrity Measurement Architecture (IMA). \nChanges made by an attacker might not be discovered by IMA, if SELinux was \ndisabled, and a new IMA rule was loaded. (CVE-2011-0006)\n\nIt was discovered that some important kernel threads can be blocked by a user \nlevel process. An unprivileged local user could exploit this flaw to cause \na denial of service. (CVE-2011-4621)", "edition": 5, "modified": "2011-03-02T00:00:00", "published": "2011-03-02T00:00:00", "id": "USN-1081-1", "href": "https://ubuntu.com/security/notices/USN-1081-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:25:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-3865", "CVE-2010-4529", "CVE-2011-4621", "CVE-2011-1476", "CVE-2010-4668", "CVE-2010-3881", "CVE-2010-4346", "CVE-2011-1746", "CVE-2011-0695", "CVE-2011-1160", "CVE-2010-4527", "CVE-2010-4083", "CVE-2011-1078", "CVE-2011-1494", "CVE-2010-4649", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1598", "CVE-2010-3877", "CVE-2010-3875", "CVE-2011-1173", "CVE-2010-4656", "CVE-2010-3876", "CVE-2011-0006", "CVE-2011-0463", "CVE-2010-3698", "CVE-2011-4611", "CVE-2011-0711", "CVE-2010-4650", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4248", "CVE-2011-1495", "CVE-2011-1163", "CVE-2011-1169", "CVE-2011-4913", "CVE-2010-4648", "CVE-2011-1013", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-4250", "CVE-2010-4342", 
"CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-4565", "CVE-2011-1080", "CVE-2010-4077", "CVE-2010-4075", "CVE-2011-1577", "CVE-2010-4076"], "description": "It was discovered that KVM did not correctly initialize certain CPU \nregisters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-3698)\n\nThomas Pollet discovered that the RDS network protocol did not check \ncertain iovec buffers. A local attacker could exploit this to crash the \nsystem or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation did \nnot correctly clear kernel memory. A local attacker could exploit this to \nread kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets implementation did \nnot properly initialize certain structures. A local attacker could exploit \nthis to read kernel stack memory, leading to a loss of privacy. \n(CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation did not \nproperly audit certain bytecodes in netlink messages. A local attacker \ncould exploit this to cause the kernel to hang, leading to a denial of \nservice. (CVE-2010-3880)\n\nVasiliy Kulikov discovered that kvm did not correctly clear memory. A local \nattacker could exploit this to read portions of the kernel stack, leading \nto a loss of privacy. 
(CVE-2010-3881)\n\nDan Rosenberg discovered that multiple terminal ioctls did not correctly \ninitialize structure memory. A local attacker could exploit this to read \nportions of kernel stack memory, leading to a loss of privacy. \n(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nDan Rosenberg discovered that the semctl syscall did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4083)\n\nDan Rosenberg discovered that the SCSI subsystem did not correctly validate \niov segments. A local attacker with access to a SCSI device could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2010-4163, CVE-2010-4668)\n\nIt was discovered that multithreaded exec did not handle CPU timers \ncorrectly. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-4248)\n\nVegard Nossum discovered a leak in the kernel's inotify_init() system call. \nA local, unprivileged user could exploit this to cause a denial of service. \n(CVE-2010-4250)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function could \nbypass the mmap_min_addr restriction. A local attacker could exploit this \nto mmap 4096 bytes below the mmap_min_addr area, possibly improving the \nchances of performing NULL pointer dereference attacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. 
A local attacker could exploit this to crash the system \nor gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenberg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nAn error was reported in the kernel's ORiNOCO wireless driver's handling of \nTKIP countermeasures. This reduces the amount of time an attacker needs to \nbreach a wireless network using WPA+TKIP for security. (CVE-2010-4648)\n\nDan Carpenter discovered that the Infiniband driver did not correctly \nhandle certain requests. A local user could exploit this to crash the \nsystem or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)\n\nAn error was discovered in the kernel's handling of CUSE (Character device \nin Userspace). A local attacker might exploit this flaw to escalate \nprivilege, if access to /dev/cuse has been modified to allow non-root \nusers. (CVE-2010-4650)\n\nKees Cook discovered that the IOWarrior USB device driver did not correctly \ncheck certain size fields. A local attacker with physical access could plug \nin a specially crafted USB device to crash the system or potentially gain \nroot privileges. (CVE-2010-4656)\n\nA flaw was found in the kernel's Integrity Measurement Architecture (IMA). \nChanges made by an attacker might not be discovered by IMA, if SELinux was \ndisabled, and a new IMA rule was loaded. (CVE-2011-0006)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. 
(CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB \ndriver did not correctly validate string lengths. A local attacker with \nphysical access could plug in a specially crafted USB device to crash the \nsystem or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter certain \nmemory locations. A local attacker could determine the memory layout of \nprocesses in an attempt to increase the chances of a successful memory \ncorruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system or potentially gain \nroot privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system, leading to a denial \nof service. (CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not correctly \nhandle a signed comparison. 
A local attacker could exploit this to crash \nthe system or possibly gain root privileges. (CVE-2011-1013)\n\nMarek Ol\u0161\u00e1k discovered that the Radeon GPU drivers did not correctly \nvalidate certain registers. On systems with specific hardware, a local \nattacker could exploit this to write to arbitrary video memory. \n(CVE-2011-1016)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not \nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN \ncapability could load existing kernel modules, possibly increasing the \nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly handle \ncertain structures. A local attacker could create malicious requests that \nwould hang the system, leading to a denial of service. (CVE-2011-1082)\n\nNeil Horman discovered that NFSv4 did not correctly handle certain orders \nof operation with ACL data. 
A remote attacker with access to an NFSv4 mount \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2011-1090)\n\nJohan Hovold discovered that the DCCP network stack did not correctly \nhandle certain packet combinations. A remote attacker could send specially \ncrafted network traffic that would crash the system, leading to a denial of \nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nTimo Warns discovered that OSF partition parsing routines did not correctly \nclear memory. A local attacker with physical access could plug in a \nspecially crafted block device to read kernel memory, leading to a loss of \nprivacy. (CVE-2011-1163)\n\nDan Rosenberg discovered that some ALSA drivers did not correctly check the \nadapter index during ioctl calls. If this driver was loaded, a local \nattacker could make a specially crafted ioctl call to gain root privileges. \n(CVE-2011-1169)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. 
\n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nDan Rosenberg discovered that MPT devices did not correctly validate \ncertain values in ioctl calls. If these drivers were loaded, a local \nattacker could exploit this to read arbitrary kernel memory, leading to a \nloss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTimo Warns discovered that the GUID partition parsing routines did not \ncorrectly validate certain structures. A local attacker with physical \naccess could plug in a specially crafted block device to crash the system, \nleading to a denial of service. (CVE-2011-1577)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle \nlarge requests. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did \nnot correctly validate certain socket structures. If this driver was \nloaded, a local attacker could crash the system, leading to a denial of \nservice. 
(CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl \nvalues. A local attacker with access to the video subsystem could exploit \nthis to crash the system, leading to a denial of service, or possibly gain \nroot privileges. (CVE-2011-1745, CVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size of \ncertain memory allocations. A local attacker with access to the video \nsubsystem could exploit this to run the system out of memory, leading to a \ndenial of service. (CVE-2011-1746)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events may \nraise a performance monitor exception. A local attacker could exploit this \nto crash the system, leading to a denial of service. (CVE-2011-4611)\n\nIt was discovered that some important kernel threads can be blocked by a user \nlevel process. An unprivileged local user could exploit this flaw to cause \na denial of service. (CVE-2011-4621)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. 
(CVE-2011-4913)", "edition": 5, "modified": "2011-08-09T00:00:00", "published": "2011-08-09T00:00:00", "id": "USN-1187-1", "href": "https://ubuntu.com/security/notices/USN-1187-1", "title": "Linux kernel (Maverick backport) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-08T23:40:30", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1017", "CVE-2011-0521", "CVE-2010-4529", "CVE-2011-1476", "CVE-2011-0695", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-1494", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-1173", "CVE-2010-4656", "CVE-2011-0463", "CVE-2011-4611", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-3359", "CVE-2011-1079", "CVE-2011-0712", "CVE-2011-1019", "CVE-2011-1495", "CVE-2011-1169", "CVE-2011-4913", "CVE-2011-1013", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-2534", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2010-4565", "CVE-2011-1080"], "description": "Dan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\n\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses \ninto the /proc filesystem. A local attacker could use this to increase the \nchances of a successful memory corruption exploit. (CVE-2010-4565)\n\nKees Cook discovered that the IOWarrior USB device driver did not correctly \ncheck certain size fields. A local attacker with physical access could plug \nin a specially crafted USB device to crash the system or potentially gain \nroot privileges. (CVE-2010-4656)\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. 
A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nDan Carpenter discovered that the TTPCI DVB driver did not check certain \nvalues during an ioctl. If the dvb-ttpci module was loaded, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice, or possibly gain root privileges. (CVE-2011-0521)\n\nJens Kuehnel discovered that the InfiniBand driver contained a race \ncondition. On systems using InfiniBand, a local attacker could send \nspecially crafted requests to crash the system, leading to a denial of \nservice. (CVE-2011-0695)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB \ndriver did not correctly validate string lengths. A local attacker with \nphysical access could plug in a specially crafted USB device to crash the \nsystem or potentially gain root privileges. (CVE-2011-0712)\n\nKees Cook reported that /proc/pid/stat did not correctly filter certain \nmemory locations. A local attacker could determine the memory layout of \nprocesses in an attempt to increase the chances of a successful memory \ncorruption exploit. (CVE-2011-0726)\n\nTimo Warns discovered that MAC partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system or potentially gain \nroot privileges. (CVE-2011-1010)\n\nTimo Warns discovered that LDM partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system, leading to a denial \nof service. 
(CVE-2011-1012)\n\nMatthiew Herrb discovered that the drm modeset interface did not correctly \nhandle a signed comparison. A local attacker could exploit this to crash \nthe system or possibly gain root privileges. (CVE-2011-1013)\n\nMarek Ol\u0161\u00e1k discovered that the Radeon GPU drivers did not correctly \nvalidate certain registers. On systems with specific hardware, a local \nattacker could exploit this to write to arbitrary video memory. \n(CVE-2011-1016)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)\n\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not \nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN \ncapability could load existing kernel modules, possibly increasing the \nattack surface available on the system. (CVE-2011-1019)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nNelson Elhage discovered that the epoll subsystem did not correctly handle \ncertain structures. A local attacker could create malicious requests that \nwould hang the system, leading to a denial of service. 
(CVE-2011-1082)\n\nJohan Hovold discovered that the DCCP network stack did not correctly \nhandle certain packet combinations. A remote attacker could send specially \ncrafted network traffic that would crash the system, leading to a denial of \nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that some ALSA drivers did not correctly check the \nadapter index during ioctl calls. If this driver was loaded, a local \nattacker could make a specially crafted ioctl call to gain root privileges. \n(CVE-2011-1169)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. 
(CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nDan Rosenberg discovered that MPT devices did not correctly validate \ncertain values in ioctl calls. If these drivers were loaded, a local \nattacker could exploit this to read arbitrary kernel memory, leading to a \nloss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle \nlarge requests. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1593)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl \nvalues. A local attacker with access to the video subsystem could exploit \nthis to crash the system, leading to a denial of service, or possibly gain \nroot privileges. (CVE-2011-1745, CVE-2011-2022)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did \nnot correctly validate certain socket structures. If this driver was \nloaded, a local attacker could crash the system, leading to a denial of \nservice. (CVE-2011-1748)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nMaynard Johnson discovered that on POWER7, certain speculative events may \nraise a performance monitor exception. A local attacker could exploit this \nto crash the system, leading to a denial of service. 
(CVE-2011-4611)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. (CVE-2011-4913)", "edition": 5, "modified": "2011-06-28T00:00:00", "published": "2011-06-28T00:00:00", "id": "USN-1160-1", "href": "https://ubuntu.com/security/notices/USN-1160-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2020-08-13T18:05:54", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4527", "CVE-2010-4655", "CVE-2011-0521"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A buffer overflow flaw was found in the load_mixer_volumes() function in\nthe Linux kernel's Open Sound System (OSS) sound driver. On 64-bit PowerPC\nsystems, a local, unprivileged user could use this flaw to cause a denial\nof service or escalate their privileges. (CVE-2010-4527, Important)\n\n* A missing boundary check was found in the dvb_ca_ioctl() function in the\nLinux kernel's av7110 module. On systems that use old DVB cards that\nrequire the av7110 module, a local, unprivileged user could use this flaw\nto cause a denial of service or escalate their privileges. (CVE-2011-0521,\nImportant)\n\n* A missing initialization flaw was found in the ethtool_get_regs()\nfunction in the Linux kernel's ethtool IOCTL handler. A local user who has\nthe CAP_NET_ADMIN capability could use this flaw to cause an information\nleak. (CVE-2010-4655, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and\nKees Cook for reporting CVE-2010-4655.\n\nThese updated kernel packages also fix hundreds of bugs and add numerous\nenhancements. 
For details on individual bug fixes and enhancements included\nin this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes,\nlinked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues and add these enhancements. The system must\nbe rebooted for this update to take effect.\n", "modified": "2017-09-08T12:10:16", "published": "2011-02-16T05:00:00", "id": "RHSA-2011:0263", "href": "https://access.redhat.com/errata/RHSA-2011:0263", "type": "redhat", "title": "(RHSA-2011:0263) Important: Red Hat Enterprise Linux 4.9 kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-13T18:06:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4346", "CVE-2011-0521", "CVE-2011-0710", "CVE-2011-1010", "CVE-2011-1090", "CVE-2011-1478"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A missing boundary check was found in the dvb_ca_ioctl() function in the\nLinux kernel's av7110 module. On systems that use old DVB cards that\nrequire the av7110 module, a local, unprivileged user could use this flaw\nto cause a denial of service or escalate their privileges. (CVE-2011-0521,\nImportant)\n\n* An inconsistency was found in the interaction between the Linux kernel's\nmethod for allocating NFSv4 (Network File System version 4) ACL data and\nthe method by which it was freed. This inconsistency led to a kernel panic\nwhich could be triggered by a local, unprivileged user with files owned by\nsaid user on an NFSv4 share. (CVE-2011-1090, Moderate)\n\n* A NULL pointer dereference flaw was found in the Generic Receive Offload\n(GRO) functionality in the Linux kernel's networking implementation. 
If\nboth GRO and promiscuous mode were enabled on an interface in a virtual LAN\n(VLAN), it could result in a denial of service when a malformed VLAN frame\nis received on that interface. (CVE-2011-1478, Moderate)\n\n* A missing security check in the Linux kernel's implementation of the\ninstall_special_mapping() function could allow a local, unprivileged user\nto bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)\n\n* An information leak was found in the Linux kernel's task_show_regs()\nimplementation. On IBM S/390 systems, a local, unprivileged user could use\nthis flaw to read /proc/[PID]/status files, allowing them to discover the\nCPU register values of processes. (CVE-2011-0710, Low)\n\n* A missing validation check was found in the Linux kernel's\nmac_partition() implementation, used for supporting file systems created\non Mac OS operating systems. A local attacker could use this flaw to cause\na denial of service by mounting a disk that contains specially-crafted\npartitions. (CVE-2011-1010, Low)\n\nRed Hat would like to thank Ryan Sweat for reporting CVE-2011-1478; Tavis\nOrmandy for reporting CVE-2010-4346; and Timo Warns for reporting\nCVE-2011-1010.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. 
The system must be rebooted for this update to take effect.\n", "modified": "2017-09-08T11:55:37", "published": "2011-04-12T04:00:00", "id": "RHSA-2011:0429", "href": "https://access.redhat.com/errata/RHSA-2011:0429", "type": "redhat", "title": "(RHSA-2011:0429) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-13T18:06:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4346", "CVE-2010-4352", "CVE-2011-0521", "CVE-2011-0710", "CVE-2011-1010", "CVE-2011-1024", "CVE-2011-1090", "CVE-2011-1146", "CVE-2011-1478"], "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA NULL pointer dereference flaw was found in the Generic Receive Offload\n(GRO) functionality in the Linux kernel's networking implementation. If\nboth GRO and promiscuous mode were enabled on an interface in a virtual LAN\n(VLAN), it could result in a denial of service when a malformed VLAN frame\nis received on that interface. (CVE-2011-1478)\n\nRed Hat would like to thank Ryan Sweat for reporting CVE-2011-1478.\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. 
These fixes are for dbus issue\nCVE-2010-4352; kernel issues CVE-2010-4346, CVE-2011-0521, CVE-2011-0710,\nCVE-2011-1010, and CVE-2011-1090; libvirt issue CVE-2011-1146; and openldap\nissue CVE-2011-1024.\n\nThis update also fixes the following bug:\n\n* Previously, network drivers that had Large Receive Offload (LRO) enabled\nby default caused the system to run slow when using software bridging. With\nthis update, Red Hat Enterprise Virtualization Hypervisor disables LRO as a\npart of a modprobe configuration. (BZ#692864)\n\nAlso in this erratum, the rhev-hypervisor-pxe RPM has been dropped.\n\nAs Red Hat Enterprise Virtualization Hypervisor includes Red Hat Enterprise\nVirtualization Manager Agent (VDSM), the bug fixes from the VDSM update\nRHBA-2011:0424 have been included in this update:\n\nhttps://rhn.redhat.com/errata/RHBA-2011-0424.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which resolves these issues.\n", "modified": "2019-03-22T23:44:57", "published": "2011-04-13T04:00:00", "id": "RHSA-2011:0439", "href": "https://access.redhat.com/errata/RHSA-2011:0439", "type": "redhat", "title": "(RHSA-2011:0439) Moderate: rhev-hypervisor security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4527", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-4526", "CVE-2011-0711", "CVE-2011-0710", "CVE-2010-4248", "CVE-2010-4342", "CVE-2010-1173", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4655", "CVE-2010-4076"], "description": "This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-03-24T16:29:15", "published": 
"2011-03-24T16:29:15", "id": "SUSE-SA:2011:015", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-03/msg00005.html", "title": "remote denial of service in kernel", "type": "suse", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-2943", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2011-0006", "CVE-2010-4526", "CVE-2011-0711", "CVE-2010-4650", "CVE-2011-0710", "CVE-2011-0712", "CVE-2010-3705", "CVE-2010-4243", "CVE-2010-4342", "CVE-2010-3858", "CVE-2010-3699", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4076"], "description": "The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.29 and fixes various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-03-08T16:13:04", "published": "2011-03-08T16:13:04", "id": "SUSE-SA:2011:012", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-03/msg00001.html", "type": "suse", "title": "remote denial of service, local privilege in kernel", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:25:43", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4242", "CVE-2010-4081", "CVE-2010-4529", "CVE-2010-4073", "CVE-2010-4072", "CVE-2010-2946", "CVE-2010-4527", "CVE-2010-4083", "CVE-2010-3310", "CVE-2010-4158", "CVE-2010-3850", "CVE-2010-4258", "CVE-2010-3442", "CVE-2010-3848", "CVE-2010-4157", "CVE-2010-4342", "CVE-2010-4160", "CVE-2010-3067", "CVE-2010-4164", "CVE-2010-3873", "CVE-2010-3849"], "description": "This patch updates the SUSE Linux Enterprise Server 9 kernel to fix various security issues and some bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", 
"edition": 1, "modified": "2011-02-11T13:07:24", "published": "2011-02-11T13:07:24", "id": "SUSE-SA:2011:008", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html", "type": "suse", "title": "local privilege escalation, remote denial of in kernel", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:18:32", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2011-1476", "CVE-2010-4073", "CVE-2010-4668", "CVE-2010-4072", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4083", "CVE-2010-4649", "CVE-2011-1012", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2011-0711", "CVE-2010-3850", "CVE-2010-4650", "CVE-2011-0712", "CVE-2010-4248", "CVE-2010-3705", "CVE-2010-4243", "CVE-2011-1163", "CVE-2010-3848", "CVE-2010-4648", "CVE-2010-3880", "CVE-2010-4342", "CVE-2011-1010", "CVE-2010-3858", "CVE-2010-3699", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-1493", "CVE-2010-1173", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-3849", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4076"], "description": "The openSUSE 11.2 kernel was updated to fix lots of security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-04-18T14:12:03", "published": "2011-04-18T14:12:03", "id": "SUSE-SA:2011:017", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00003.html", "title": "local privilege escalation, remote denial of in kernel", "type": "suse", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2011-1476", "CVE-2010-4668", "CVE-2010-3881", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2011-1478", "CVE-2011-1012", "CVE-2010-4251", "CVE-2010-4525", "CVE-2010-4343", 
"CVE-2010-3877", "CVE-2010-3875", "CVE-2010-4656", "CVE-2010-3876", "CVE-2011-0711", "CVE-2010-3850", "CVE-2010-4650", "CVE-2011-0712", "CVE-2010-4248", "CVE-2010-3705", "CVE-2010-4243", "CVE-2011-1163", "CVE-2010-3848", "CVE-2010-4648", "CVE-2011-0191", "CVE-2010-3880", "CVE-2010-4250", "CVE-2010-4342", "CVE-2011-1010", "CVE-2010-3858", "CVE-2010-3699", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-1182", "CVE-2011-1090", "CVE-2010-3849", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4076"], "description": "The openSUSE 11.3 kernel was updated to 2.6.34.8 to fix various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-04-28T13:57:06", "published": "2011-04-28T13:57:06", "id": "SUSE-SA:2011:020", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00007.html", "type": "suse", "title": "remote denial of service in kernel", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2011-1476", "CVE-2011-1160", "CVE-2011-1478", "CVE-2011-1012", "CVE-2011-0711", "CVE-2010-4650", "CVE-2011-1180", "CVE-2011-1581", "CVE-2011-0712", "CVE-2011-1163", "CVE-2011-1013", "CVE-2011-0191", "CVE-2011-1093", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-1182", "CVE-2011-1577"], "description": "The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-04-29T16:52:44", "published": "2011-04-29T16:52:44", "id": "SUSE-SA:2011:021", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00008.html", "type": "suse", "title": "remote denial of service in kernel", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:25:23", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4248", "CVE-2010-4243", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-3699", "CVE-2010-4565"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2153-1 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nJanuary 30, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 \n CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 \n CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 \n CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 \n CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a privilege escalation, denial of service or information leak. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2010-0435\n\n Gleb Napatov reported an issue in the KVM subsystem that allows virtual\n machines to cause a denial of service of the host machine by executing mov\n to/from DR instructions.\n\nCVE-2010-3699\n\n Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can\n cause a denial of service on the host by retaining a leaked reference to a\n device. 
This can result in a zombie domain, xenwatch process hangs, and xm\n command failures.\n\nCVE-2010-4158\n\n Dan Rosenberg discovered an issue in the socket filters subsystem, allowing\n local unprivileged users to obtain the contents of sensitive kernel memory.\n\nCVE-2010-4162\n\n Dan Rosenberg discovered an overflow issue in the block I/O subsystem that\n allows local users to map large numbers of pages, resulting in a denial of\n service due to invocation of the out of memory killer.\n\nCVE-2010-4163\n\n Dan Rosenberg discovered an issue in the block I/O subsystem. Due to\n improper validation of iov segments, local users can trigger a kernel panic\n resulting in a denial of service.\n\nCVE-2010-4242\n\n Alan Cox reported an issue in the Bluetooth subsystem. Local users with\n sufficient permission to access HCI UART devices can cause a denial of\n service (NULL pointer dereference) due to a missing check for an existing\n tty write operation.\n\nCVE-2010-4243\n\n Brad Spengler reported a denial-of-service issue in the kernel memory\n accounting system. By passing large argv/envp values to exec, local users\n can cause the out of memory killer to kill processes owned by other users.\n\nCVE-2010-4248\n\n Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local\n users can cause a denial of service (Oops) due to incorrect assumptions\n about thread group leader behavior.\n\nCVE-2010-4249\n\n Vegard Nossum reported an issue with the UNIX socket garbage collector.\n Local users can consume all of LOWMEM and decrease system performance by\n overloading the system with inflight sockets.\n\nCVE-2010-4258\n\n Nelson Elhage reported an issue in Linux oops handling. Local users may be\n able to obtain elevated privileges if they are able to trigger an oops with\n a process' fs set to KERNEL_DS.\n\nCVE-2010-4342\n\n Nelson Elhage reported an issue in the econet protocol. 
Remote attackers can\n cause a denial of service by sending an Acorn Universal Networking packet\n over UDP.\n\nCVE-2010-4346\n\n Tavis Ormandy discovered an issue in the install_special_mapping routine\n which allows local users to bypass the mmap_min_addr security restriction.\n Combined with an otherwise low severity local denial of service\n vulnerability (NULL pointer dereference), a local user could obtain elevated\n privileges.\n\nCVE-2010-4526\n\n Eugene Teo reported a race condition in the Linux SCTP implementation.\n Remote users can cause a denial of service (kernel memory corruption) by\n transmitting an ICMP unreachable message to a locked socket.\n\nCVE-2010-4527\n\n Dan Rosenberg reported two issues in the OSS soundcard driver. Local users\n with access to the device (members of group 'audio' on default Debian\n installations) may obtain access to sensitive kernel memory or cause a\n buffer overflow, potentially leading to an escalation of privileges.\n\nCVE-2010-4529\n\n Dan Rosenberg reported an issue in the Linux kernel IrDA socket\n implementation on non-x86 architectures. Local users may be able to gain\n access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES\n getsockopt call.\n\nCVE-2010-4565\n\n Dan Rosenberg reported an issue in the Linux CAN protocol implementation.\n Local users can obtain the address of a kernel heap object which might help\n facilitate system exploitation.\n\nCVE-2010-4649\n\n Dan Carpenter reported an issue in the uverb handling of the InfiniBand\n subsystem. A potential buffer overflow may allow local users to cause a\n denial of service (memory corruption) by passing in a large cmd.ne value.\n\nCVE-2010-4656\n\n Kees Cook reported an issue in the driver for I/O-Warrior USB devices.\n Local users with access to these devices may be able to overrun kernel\n buffers, resulting in a denial of service or privilege escalation.\n\nCVE-2010-4668\n\n Dan Rosenberg reported an issue in the block subsystem. 
A local user can\n cause a denial of service (kernel panic) by submitting certain 0-length I/O\n requests.\n\nCVE-2011-0521\n\n Dan Carpenter reported an issue in the DVB driver for AV7110 cards. Local\n users can pass a negative info->num value, corrupting kernel memory and\n causing a denial of service.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny2.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 5.0 (lenny)\n user-mode-linux 2.6.26-1um-2+26lenny2\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote that these updates will not become active until after your system is\nrebooted.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2011-01-30T06:42:19", "published": "2011-01-30T06:42:19", "id": "DEBIAN:DSA-2153-1:FDD6A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00017.html", "title": "[SECURITY] [DSA 2153-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:27", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4346", "CVE-2011-1478", "CVE-2011-0710", "CVE-2011-1010", "CVE-2011-1090"], "description": "[2.6.18-238.9.1.0.1.el5]\n- [scsi] fix scsi hotplug and rescan race [orabug 10260172]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- fix missing aio_complete() in end_io (Joel Becker) [orabug 10365195]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for 
bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702]\n- [nfs] too many getattr and access calls after direct I/O [orabug 9348191]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [aio] patch removes limit on number of retries (Srinivas Eeda) [orabug 10044782]\n- [loop] Do not call loop_unplug for not configured loop device (orabug 10314497)\n[2.6.18-238.9.1.el5]\n- [md] dm-mpath: fix NULL deref when path parameter missing (Mike Snitzer) [683443 673058]\n- [md] dm-mpath: wait for pg_init completion on suspend (Mike Snitzer) [683443 673058]\n- [md] dm-mpath: hold io until all pg_inits completed (Mike Snitzer) [683443 673058]\n- [md] dm-mpath: skip activate_path for failed paths (Mike Snitzer) [683443 673058]\n- [md] dm-mpath: pass struct pgpath to pg init done (Mike Snitzer) [683443 673058]\n- [md] dm-mpath: prevent io from work queue while suspended (Mike Snitzer) [683443 673058]\n- [md] dm-mpath: 
add mutex to sync adding and flushing work (Mike Snitzer) [683443 673058]\n- [md] dm-mpath: flush workqueues before suspend completes (Mike Snitzer) [683443 673058]\n[2.6.18-238.8.1.el5]\n- [message] mptfusion: fix msgContext in mptctl_hp_hostinfo (Tomas Henzl) [684128 646513]\n- [fs] nfs: fix use of slab alloc'd pages in skb frag list (Neil Horman) [682642 682643] {CVE-2011-1090}\n- [s390] remove task_show_regs (Danny Feng) [677852 677853] {CVE-2011-0710}\n- [misc] vdso: export wall_to_monotonic (Prarit Bhargava) [688312 675727]\n- [x86_64] Use u32, not long, to set reset vector back to 0 (Don Zickus) [682673 675258]\n- [misc] vmware: increase apic_calibration_diff to 10000 (Prarit Bhargava) [680350 665197]\n[2.6.18-238.7.1.el5]\n- [fs] partitions: Validate map_count in Mac part tables (Danny Feng) [679283 679284] {CVE-2011-1010}\n- [x86] fix AMD family 0x15 guest boot issue on 64-bit host (Frank Arnold) [679747 667234]\n- [sound] alsa: cache mixer values on usb-audio devices (Don Zickus) [680043 678074]\n- [media] dvb: fix av7110 negative array offset (Mauro Carvalho Chehab) [672401 672402] {CVE-2011-0521}\n- [message] mptfusion: add required mptctl_release call (Tomas Henzl) [677173 660871]\n- [fs] nfs: pure nfs client performance using odirect (Jeff Layton) [677172 643441]\n- [mm] fix install_special_mapping skips security_file_mmap (Frantisek Hrbata) [662196 662197] {CVE-2010-4346}\n- [scsi] device_handler: fix alua_rtpg port group id check (Mike Snitzer) [681795 669961]\n- [net] cnic: fix big endian bug with device page tables (Steve Best) [674774 669527]\n- [net] gro: reset dev pointer on reuse (Andy Gospodarek) [674588 600350]\n- [misc] add ignore_loglevel kernel parameter (Amerigo Wang) [675665 662102]\n- [misc] add bootmem_debug kernel parameter (Amerigo Wang) [675665 662102]\n- [fs] gfs2: remove iopen glocks from cache on delete fail (Benjamin Marzinski) [675909 666080]\n[2.6.18-238.6.1.el5]\n- [net] bonding: convert netpoll tx blocking to a counter 
(Neil Horman) [675664 659594]", "edition": 4, "modified": "2011-04-13T00:00:00", "published": "2011-04-13T00:00:00", "id": "ELSA-2011-0429", "href": "http://linux.oracle.com/errata/ELSA-2011-0429.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:21", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4073", "CVE-2010-4072", "CVE-2010-4527", "CVE-2010-4083", "CVE-2010-3859", "CVE-2010-3477", "CVE-2010-4080", "CVE-2010-4158", "CVE-2010-3876", "CVE-2010-3296", "CVE-2010-4258", "CVE-2010-3442", "CVE-2010-4249", "CVE-2010-4157", "CVE-2010-3081", "CVE-2010-3067", "CVE-2010-3432", "CVE-2010-4075", "CVE-2010-4655"], "description": "[2.6.9-100]\n-cxgb3: prevent reading uninitialized stack memory to fix xgb_extension_ioctl infoleak (Eugene Teo) [633153] {CVE-2010-3296}\n-mlx4: disable MSI-X by default (Andy Gospodarek) [530596]\n-ext3: call fs invalidatepage instead of block_invalidatepage (Josef Bacik) [488611]\n-av7110: check for negative array offset (Mauro Carvalho Chehab) [672400] {CVE-2011-0521}\n-ext3: don not dirty unmapped data buffers (Josef Bacik) [488611]\n-net: clear heap allocations for privileged ethtool actions (Jiri Pirko) [672431] {CVE-2010-4655}\n[2.6.9-99]\n-bonding: fix active backup failover due to jiffie wrap (Andy Gospodarek) [641112]\n[2.6.9-98]\n-sound: fix a buffer overflow in the oss mixer (David Howells) [667619] {CVE-2010-4527}\n[2.6.9-97]\n-fs: fix filesystem corruption on ext2 (Alexander Viro) [662839]\n-sky2: fix oops in sky2_xmit_frame after tx timeout (Don Howard) [614559]\n-netdump: fix netdump failures on large memory systems (Neil Horman) [488557]\n[2.6.9-96]\n-usb: ehci amd periodic frame list table quirk (Don Zickus) [651334]\n-fs: truncate blocks outside i_size after O_DIRECT write error (Eric Sandeen) [665067]\n[2.6.9-95]\n-jbd: skip buffers that have a different jh (Josef Bacik) 
[488611]\n-unix: fix local socket dos (Neil Horman) [656758] {CVE-2010-4249}\n-s390x: qdio: fix zfcp stall with more than 63 active qdio devices (Hendrik Brueckner) [662130]\n-ehci-hcd: fix fatal error during bootup (Don Zickus) [656447]\n[2.6.9-94]\n-modules: sysctl to block module loading (Jerome Marchand) [645220]\n-redhat: added config_security_dmesg_restrict option (Frantisek Hrbata) [653252]\n-kernel: restrict unprivileged access to kernel syslog (Frantisek Hrbata) [653252]\n-sysctl: introduce ctl_unnumbered definition in sysctl.h (Frantisek Hrbata) [653252]\n-usb: allow usbstorage to have luns greater than 2TB (Don Zickus) [658824]\n-serial: clean data before filling it (Mauro Carvalho Chehab) [648809] {CVE-2010-4075}\n-sched: fix task starvation on Hyperthreaded cpus (Vitaly Mayatskikh) [488089]\n-s390: sclp: handle zero length event buffers (Hans-Joachim Picht) [487692]\n[2.6.9-93]\n-kernel: failure to revert address limit override in oops error path (Dave Anderson) [659569] {CVE-2010-4258}\n-nfsv4: fix oops in nfs4_kill_super (Jeff Layton) [660448]\n-net: filter: make sure filters dont read uninitialized memory (Jiri Pirko) [651701] {CVE-2010-4158}\n-net: limit sendto()/recvfrom()/iovec total length to INT_MAX (Jiri Pirko) [651924] {CVE-2010-3859}\n-bluetooth: fix missing null check (Jarod Wilson) [655663] {CVE-2010-4242}\n-ipc: initialize structure memory to zero for compat functions (Xiaotian Feng) [648811] {CVE-2010-4073}\n-ipc: shm: fix information leak to userland (Xiaotian Feng) [648817] {CVE-2010-4072}\n-netfront: default to copying instead of flipping (Laszlo Ersek) [653505]\n-net: packet: fix information leak to userland (Jiri Pirko) [649896] {CVE-2010-3876}\n-scsi: gdth: integer overflow in ioc_general (Frantisek Hrbata) [651174] {CVE-2010-4157}\n-sys_semctl: semctl fix kernel stack leakage (Xiaotian Feng) [648794] {CVE-2010-4083}\n-alsa: rme9652: prevent reading uninitialized stack memory (Stanislaw Gruszka) [648807] {CVE-2010-4080}\n-fs: only 
return EIO once on msync/fsync after IO failure (Rik van Riel) [645633]\n-xen: virtio_net: add get_drvinfo() to virtio_net (Laszlo Ersek) [647196]\n-xen: netfront: add get_drvinfo() to netfront (Laszlo Ersek) [647187]\n-kernel: fix possible integer overflow in mm/fremap.c (Larry Woodman) [637045]\n[2.6.9-92]\n-mm: revert patch to reduce large file latency during writebacks (Larry Woodman) [488070]\n[2.6.9-91]\n-mm: prevent panic when setting /proc/sys/vm/nr_hugepages (Larry Woodman) [647567]\n-net: sctp: do not reset the packet during sctp_packet_config() (Jiri Pirko) [637865] {CVE-2010-3432}\n-scsi: fix panic in sysfs_hash_and_remove() when scsi device is removed (Mark Goodwin) [533299]\n[2.6.9-90]\n-kernel: prevent heap corruption in snd_ctl_new() (Jerome Marchand) [638482] {CVE-2010-3442}\n-forcedeth: latest bugfixes from upstream (Ivan Vecera) [552953]\n-forcedeth: remove CONFIG_FORCEDETH_NAPI=y from config-generic (Ivan Vecera) [552953]\n[2.6.9-89.45]\n-scsi: scsi_do_req submitted commands (tape) never complete when device goes (Rob Evers) [636289]\n-scsi: log msg when getting unit attention (Mike Christie) [585430]\n-jbd: fix panic in jbd when running bashmemory (Josef Bacik) [488611]\n-qla2xxx: work around hypertransport sync flood error on sun x4200 with qla2xxx (Chad Dupuis) [621621]\n-aio: implement request batching for better merging and throughput (Jeff Moyer) [508377]\n-fs: a bunch of patches to fix various nfsd/iget() races (Alexander Viro) [189918]\n-net: bonding: add debug module option (Jiri Pirko) [247116]\n-fix fd leaks if pipe() is called with an invalid address (Amerigo Wang) [509627]\n[2.6.9-89.44]\n-ide-scsi: fix deadlock in ide-scsi error handler (Doug Ledford) [526966]\n-mlx4_core: allocate sufficient memory for interrupt table (Doug Ledford) [530596]\n-mptbase: panic with domain validation while rebuilding after the disk is replaced (Rob Evers) [476874]\n-fs: buffer: __block_write_full_page simplification by removing last_bh logic (Jeff 
Moyer) [472752]\n-fs: buffer: __block_write_full_page speedup by removing get_bh() and put_bh() (Jeff Moyer) [472752]\n-fs: buffer: __block_write_full_page race fix (Jeff Moyer) [472752]\n-kernel: fix integer overflow in groups_search (Jerome Marchand) [457519]\n-cifs: remove bogus check in ntlm session setup code (Jeff Layton) [604786]\n-cifs: when renaming don not try to unlink negative dentry (Jeff Layton) [500904]\n-autofs4: fix lookup deadlock when user space uses a signal (Ian Kent) [477017]\n-fs: make sure data stored into inode is properly seen before unlocking new inode (Eric Sandeen) [563920]\n-ipc: hard_msgmax should be higher not lower on 64bit (Amerigo Wang) [525815]\n-fs: fix file truncations when both suid and write permissions set (Amerigo Wang) [525398]\n-block: fix rcu accesses in partition statistics (Jerome Marchand) [517523]\n-kernel headers: fix missing defintion that causes build break (Neil Horman) [504593]\n[2.6.9-89.43]\n-aacraid: fix file system going into read only mode (Rob Evers) [624713]\n-blkfront: xen domu, raid1, lvm, iscsi target export with blockio bug (Paolo Bonzini) [490148]\n-cciss: change version from 2.6.20.RH2 to 2.6.20.RH3 (Tomas Henzl) [594086]\n-cciss: added printk in do_cciss_request before BUG() (Tomas Henzl) [594086]\n-cciss: fix a nulll pointer dereference in complete_command() (Tomas Henzl) [594086]\n-cciss: fix an issue when sending command with no data (Tomas Henzl) [594086]\n-mm: honor __GFP_NOFAIL flag in __alloc_pages() (Lachlan McIlroy) [605455]\n-xen: fix crashing of x86 hvm guest on x86_64 (Radim Krcmar) [637658]\n-xen: hide xenbus warnings on hvm guest shutdown (Radim Krcmar) [505081]\n-powernow-k8: fix errant print statement during voltage transitions (Bhavna Sarathy) [217829]\n-fusion: add sleep before subsequent tur in scan function (Tomas Henzl) [495236]\n-bonding: fix a race condition in calls to slave mii ioctls (Flavio Leitner) [621209]\n-s390x: cio: vary off on chpid 00 causes unexpected recovery 
actions (Hendrik Brueckner) [619855]\n-netfilter: arp_tables: fix unaligned accesses caused by casting strings to long (Jiri Pirko) [591638]\n-net: neigh: fix state transition incomplete->failed via netlink request (Jiri Pirko) [485904]\n-x86_64: floating point state corruption after handling the signal (Oleg Nesterov) [564381]\n-pidhashing: enforce pid_max_limit in sysctls and lower pid_max_limit on 32bit systems (Jiri Pirko) [525941]\n-s390: cio: linux does not boot through xautolog with conmode 3270 (Hans-Joachim Picht) [526282]\n-net: fix proc net ip_conntrack seq_file operations (Danny Feng) [524884]\n-ia64: swiotlb: fix swiotlb pci_map_sg error handling (Tomas Henzl) [525427]\n-xen: try harder to balloon up under memory pressure (Andrew Jones) [507847]\n-mm: fix bogus memory node assumption in huge page allocation (AMEET M. PARANJAPE) [506827]\n-kernel: binfmt_misc c: avoid potential kernel stack overflow (Vitaly Mayatskikh) [459466]\n-net: fix ipvs wrr scheduler bug of updating current weight (Vitaly Mayatskikh) [462717]\n[2.6.9-89.42]\n-net: actually copy input_dev to new sk_buff in skb_clone (Andy Gospodarek) [616710]\n-net: fix reception of completely page backed sk_buffs (Andy Gospodarek) [500921]\n-net: fix various snmp counter issues (Thomas Graf) [500889]\n-xen: can enter tickless mode with rcu pending and hang (Paolo Bonzini) [427998]\n-xen: fix occasional deadlocks in xen netfront (Paolo Bonzini) [480937]\n-xen: xenbus suspend_mutex remains locked on trans fail (Paolo Bonzini) [456649]\n-ext2: put explicit checks to not divide by zero (Josef Bacik) [500181]\n-usb: ehci split iso fixes, full speed audio etc (Don Zickus) [624117]\n-xenbus: implement O_NONBLOCK for /proc/xen/xenbus (Paolo Bonzini) [607261]\n-nfs: initialize nfs_open_context list member at allocation time (Jeff Layton) [634632]\n-cifs: fix dentry hash calculation for case insensitive mounts (Jeff Layton) [562949]\n-cifs: fix length calculation for converted unicode readdir names (Jeff 
Layton) [562949]\n[2.6.9-89.41]\n-bonding: fix ALB mode to balance traffic on vlans (Flavio Leitner) [640803]\n[2.6.9-89.40]\n-bonding: interface doesn t issue igmp report on slave interface during failover (Flavio Leitner) [637556]\n[2.6.9-89.39]\n-net: fix info leak in police code (Neil Horman) [636390] {CVE-2010-3477}\n-aio: check for multiplication overflow in io_submit (Jeff Moyer) [629447] {CVE-2010-3067}\n-fs: buffer.c: fix race in __block_prepare_write (Jeff Moyer) [480404]\n-3c59x: fix deadlock in irq handler tx path when netconsole in use (Neil Horman) [557380]\n-udp: use memory barrier in datagram_poll (Flavio Leitner) [546251]\n[2.6.9-89.38]\n-compat: make compat_alloc_user_space incorporate the access_ok (Xiaotian Feng) [634462] {CVE-2010-3081}\n-ext3: ensure inode is deleted from orphan list in ext3_direct_io() (Lachlan McIlroy) [629143]\n-sb800: add quirk for iso on amd sb800 (Pete Zaitcev) [537447]\n[2.6.9-89.37]\n-virtio_net: Fix MAX_PACKET_LEN to support 802.1Q VLANs (Michael S. 
Tsirkin) [607533]\n-do_generic_mapping_read: clear page errors when issuing a fresh read of the page (Rik van Riel) [481371]\n-ide: backport VIA PCI chipset ids to via82cxxx driver (Mauro Carvalho Chehab) [504778]\n-nfsd4: relax new lock seqid check (Jeff Layton) [577369]\n-igb: fix transmission of jumbo frames with mtu>=2100 (Stefan Assmann) [494597]\n-net: fix tcp conntrack to handle the half opened connection correctly (Jiri Pirko) [531914]\n-net: fix promisc refcounting for interfaces listening for multicast traffic (Neil Horman) [481292]\n-sctp: assign tsns earlier to avoid reordering (Neil Horman) [532045]\n-cciss: switch to using hlist to fix panic (Tomas Henzl) [479090]\n-nfs: statfs error handling and error message fix (Jeff Layton) [520018]\n-kthreads: fix kthread_create vs kthread_stop race (Oleg Nesterov) [519006]\n[2.6.9-89.36]\n-nfsd4: fix share conflict tests in nfs_check_open() (Jeff Layton) [510184]\n-nfsd4: move open owner checks from nfsd4_process_open2 into new function (Jeff Layton) [510184]\n-nfsd4: renew lease on seqid modifying operations (Jeff Layton) [508752]\n-ahci: add SATA GEN3 related messages (David Milburn) [512715]\n-igmp: fix ip_mc_sf_allow() race due to a lock problem (Flavio Leitner) [562904]\n-xen: don not recreate xenfb thread on every restore (Chris Lalancette) [543823]\n-bcm5709: update firmware for bcm5709 from version 4.4.23 to 4.6.15 (John Feeney) [532858]\n-net: apply broken_stats workaround to 5706 and 5708 (Flavio Leitner) [515274]\n-nfsd: fix races when cleaning up after last nfsd thread exits (Jeff Layton) [501500]\n-nfs: nfsd returns nfs4_ok when the owner opens a file with permission set to 000 (Peter Staubach) [507527]\n-nfsv4: send the delegation stateid for setattr calls (Jeff Layton) [502884]\n-nfsv4: fix up races in nfs4_proc_setattr (Jeff Layton) [502884]\n-nfsv4: don t reuse expired nfs4_state_owner structs (Jeff Layton) [502884]\n-nfsv4: fix a credential reference leak in nfs4_get_state_owner (Jeff Layton) 
[502884]\n-nfsv4: poll more aggressively when handling nfs4err_delay (Jeff Layton) [502884]\n-nfsv4: flush nfsv4 work workqueue before killing superblock (Jeff Layton) [501335]\n-nfsv4: only queue nfs4_close_state job when called by rpciod (Jeff Layton) [501335]\n-nfsv4: switch nfs4 workqueue to a per client queue (Jeff Layton) [501335]\n-nfs: mounted nfsv4/krb5 export inaccessible following an nfs server reboot (Harshula) [514684] ", "edition": 72, "modified": "2011-02-23T00:00:00", "published": "2011-02-23T00:00:00", "id": "ELSA-2011-0263", "href": "http://linux.oracle.com/errata/ELSA-2011-0263.html", "title": "Oracle Linux 4.9 kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4346", "CVE-2011-0695", "CVE-2011-1478", "CVE-2010-4656", "CVE-2010-4648", "CVE-2011-1010", "CVE-2011-1090", "CVE-2010-4655"], "description": "[2.6.32-100.28.11.el6]\n- fs/partitions: Validate map_count in Mac partition tables {CVE-2011-1010}\n- nfs4: Ensure that ACL pages sent over NFS were not allocated from\n the slab (v3) {CVE-2011-1090}\n[2.6.32-100.28.10.el6]\n- Use cciss for some Smart Array controller for OL5 [orabug 11899706]\n- CVEs from RHSA-2011-0421\n- install_special_mapping skips security_file_mmap check {CVE-2010-4346}\n- orinoco: fix TKIP countermeasure behaviour {CVE-2010-4648}\n- net: clear heap allocation for ethtool_get_regs() {CVE-2010-4655}\n- usb: iowarrior: don't trust report_size for buffer size {CVE-2010-4656}\n- [media] [v3,media] av7110: check for negative array offset {CVE-2011-0521}\n- RDMA/cma: Fix crash in request handlers {CVE-2011-0695}\n- IB/cm: Bump reference count on cm_id before invoking callback {CVE-2011-0695}\n- gro: reset skb_iif on reuse {CVE-2011-1478}", "edition": 4, "modified": "2011-04-14T00:00:00", "published": "2011-04-14T00:00:00", "id": "ELSA-2011-2014", "href": 
"http://linux.oracle.com/errata/ELSA-2011-2014.html", "title": "Oracle Linux 6 Unbreakable Enterprise kernel security fix update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-08-13T19:38:41", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0521", "CVE-2010-4346", "CVE-2011-1478", "CVE-2011-0710", "CVE-2011-1010", "CVE-2011-1090"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0429\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A missing boundary check was found in the dvb_ca_ioctl() function in the\nLinux kernel's av7110 module. On systems that use old DVB cards that\nrequire the av7110 module, a local, unprivileged user could use this flaw\nto cause a denial of service or escalate their privileges. (CVE-2011-0521,\nImportant)\n\n* An inconsistency was found in the interaction between the Linux kernel's\nmethod for allocating NFSv4 (Network File System version 4) ACL data and\nthe method by which it was freed. This inconsistency led to a kernel panic\nwhich could be triggered by a local, unprivileged user with files owned by\nsaid user on an NFSv4 share. (CVE-2011-1090, Moderate)\n\n* A NULL pointer dereference flaw was found in the Generic Receive Offload\n(GRO) functionality in the Linux kernel's networking implementation. If\nboth GRO and promiscuous mode were enabled on an interface in a virtual LAN\n(VLAN), it could result in a denial of service when a malformed VLAN frame\nis received on that interface. (CVE-2011-1478, Moderate)\n\n* A missing security check in the Linux kernel's implementation of the\ninstall_special_mapping() function could allow a local, unprivileged user\nto bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)\n\n* An information leak was found in the Linux kernel's task_show_regs()\nimplementation. 
On IBM S/390 systems, a local, unprivileged user could use\nthis flaw to read /proc/[PID]/status files, allowing them to discover the\nCPU register values of processes. (CVE-2011-0710, Low)\n\n* A missing validation check was found in the Linux kernel's\nmac_partition() implementation, used for supporting file systems created\non Mac OS operating systems. A local attacker could use this flaw to cause\na denial of service by mounting a disk that contains specially-crafted\npartitions. (CVE-2011-1010, Low)\n\nRed Hat would like to thank Ryan Sweat for reporting CVE-2011-1478; Tavis\nOrmandy for reporting CVE-2010-4346; and Timo Warns for reporting\nCVE-2011-1010.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029327.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029328.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0429.html", "edition": 4, "modified": "2011-04-14T13:37:51", "published": "2011-04-14T13:37:51", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/029327.html", "id": "CESA-2011:0429", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}