{"id": "OPENVAS:1361412562310850140", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "SuSE Update for kernel SUSE-SA:2010:036", "description": "Check for the Version of kernel", "published": "2010-09-10T00:00:00", "modified": "2018-01-16T00:00:00", "epss": [{"cve": "CVE-2009-4537", "epss": 0.05475, "percentile": 0.9238, "modified": "2023-11-26"}, {"cve": "CVE-2010-2521", "epss": 0.17301, "percentile": 0.9557, "modified": "2023-11-26"}, {"cve": "CVE-2008-0598", "epss": 0.00044, "percentile": 0.08554, "modified": "2023-11-26"}, {"cve": "CVE-2010-0727", "epss": 0.00042, "percentile": 0.05717, "modified": "2023-11-26"}, {"cve": "CVE-2007-6733", "epss": 0.00042, "percentile": 0.05717, "modified": "2023-11-26"}, {"cve": "CVE-2009-4020", "epss": 0.11258, "percentile": 0.94625, "modified": "2023-11-26"}, {"cve": "CVE-2010-1083", "epss": 0.00062, "percentile": 0.24777, "modified": "2023-11-26"}, {"cve": "CVE-2007-6206", "epss": 0.00044, "percentile": 0.08554, "modified": "2023-11-26"}, {"cve": "CVE-2010-1188", "epss": 0.04848, "percentile": 0.91898, "modified": "2023-11-26"}, {"cve": "CVE-2009-1389", "epss": 0.11364, "percentile": 0.94647, "modified": "2023-11-26"}, {"cve": "CVE-2008-3275", "epss": 0.00044, "percentile": 0.08554, "modified": "2023-11-26"}, {"cve": "CVE-2010-1088", "epss": 0.00258, "percentile": 0.63415, "modified": "2023-11-26"}], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850140", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["2010-036"], "cvelist": ["CVE-2009-4537", "CVE-2010-2521", "CVE-2008-0598", "CVE-2010-0727", "CVE-2007-6733", "CVE-2009-4020", "CVE-2010-1083", "CVE-2007-6206", "CVE-2010-1188", "CVE-2009-1389", "CVE-2008-3275", "CVE-2010-1088"], "immutableFields": [], "lastseen": "2018-01-17T11:05:52", "viewCount": 16, "enchantments": {"score": {"value": 
0.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2008:0055", "CESA-2008:0089", "CESA-2008:0211", "CESA-2008:0508", "CESA-2008:0519", "CESA-2008:0885", "CESA-2008:0973", "CESA-2009:0001-01", "CESA-2009:0014", "CESA-2009:1193", "CESA-2010:0019", "CESA-2010:0020", "CESA-2010:0046", "CESA-2010:0076", "CESA-2010:0394", "CESA-2010:0504", "CESA-2010:0606", "CESA-2010:0610", "CESA-2010:0723"]}, {"type": "checkpoint_security", "idList": ["CPS:SK44718"]}, {"type": "cve", "idList": ["CVE-2007-6206", "CVE-2007-6733", "CVE-2008-0598", "CVE-2008-3275", "CVE-2009-1389", "CVE-2009-4020", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0727", "CVE-2010-1083", "CVE-2010-1088", "CVE-2010-1188", "CVE-2010-2521", "CVE-2012-2319"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1436-1:A63C3", "DEBIAN:DSA-1503-1:0C4D4", "DEBIAN:DSA-1503-2:1BB11", "DEBIAN:DSA-1504-1:18A93", "DEBIAN:DSA-1630-1:8E4BC", "DEBIAN:DSA-1636-1:2F315", "DEBIAN:DSA-1844-1:B4D67", "DEBIAN:DSA-1865-1:34CE7", "DEBIAN:DSA-2003-1:E3418", "DEBIAN:DSA-2004-1:2FC61", "DEBIAN:DSA-2053-1:F2BFF", "DEBIAN:DSA-2094-1:7CFE2"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-2319"]}, {"type": "f5", "idList": ["SOL16479"]}, {"type": "fedora", "idList": ["FEDORA:0A08C10F8CD", "FEDORA:101AF111631", "FEDORA:1EC1210F9FC", "FEDORA:1F915226FCF", "FEDORA:24DB910F87E", "FEDORA:2A7BE111947", "FEDORA:45AC610F8D3", "FEDORA:58608110C02", "FEDORA:5AA2F10FA12", "FEDORA:B0F721107BF", "FEDORA:B72D7110F0C", "FEDORA:C5ABB10F8BB", "FEDORA:D7C4010F8B4", "FEDORA:E07AD11061A"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2008-0055.NASL", "CENTOS_RHSA-2008-0089.NASL", "CENTOS_RHSA-2008-0211.NASL", "CENTOS_RHSA-2008-0508.NASL", "CENTOS_RHSA-2008-0519.NASL", "CENTOS_RHSA-2008-0885.NASL", "CENTOS_RHSA-2008-0973.NASL", "CENTOS_RHSA-2009-0014.NASL", "CENTOS_RHSA-2009-1193.NASL", "CENTOS_RHSA-2010-0019.NASL", "CENTOS_RHSA-2010-0020.NASL", "CENTOS_RHSA-2010-0046.NASL", "CENTOS_RHSA-2010-0076.NASL", 
"CENTOS_RHSA-2010-0394.NASL", "CENTOS_RHSA-2010-0504.NASL", "CENTOS_RHSA-2010-0606.NASL", "CENTOS_RHSA-2010-0610.NASL", "CENTOS_RHSA-2010-0723.NASL", "DEBIAN_DSA-1436.NASL", "DEBIAN_DSA-1503.NASL", "DEBIAN_DSA-1504.NASL", "DEBIAN_DSA-1630.NASL", "DEBIAN_DSA-1636.NASL", "DEBIAN_DSA-1844.NASL", "DEBIAN_DSA-1865.NASL", "DEBIAN_DSA-2003.NASL", "DEBIAN_DSA-2005.NASL", "DEBIAN_DSA-2053.NASL", "DEBIAN_DSA-2094.NASL", "F5_BIGIP_SOL16479.NASL", "FEDORA_2009-6768.NASL", "FEDORA_2009-6846.NASL", "FEDORA_2009-6883.NASL", "FEDORA_2010-1500.NASL", "FEDORA_2010-1787.NASL", "MANDRIVA_MDVSA-2008-044.NASL", "MANDRIVA_MDVSA-2008-112.NASL", "MANDRIVA_MDVSA-2009-148.NASL", "MANDRIVA_MDVSA-2010-066.NASL", "MANDRIVA_MDVSA-2010-088.NASL", "MANDRIVA_MDVSA-2010-188.NASL", "MANDRIVA_MDVSA-2010-198.NASL", "OPENSUSE-2012-342.NASL", "OPENSUSE-2012-357.NASL", "OPENSUSE-2012-756.NASL", "ORACLELINUX_ELSA-2008-0055.NASL", "ORACLELINUX_ELSA-2008-0089.NASL", "ORACLELINUX_ELSA-2008-0211.NASL", "ORACLELINUX_ELSA-2008-0508.NASL", "ORACLELINUX_ELSA-2008-0519.NASL", "ORACLELINUX_ELSA-2008-0885.NASL", "ORACLELINUX_ELSA-2008-0973.NASL", "ORACLELINUX_ELSA-2009-0014.NASL", "ORACLELINUX_ELSA-2009-1193.NASL", "ORACLELINUX_ELSA-2009-1211.NASL", "ORACLELINUX_ELSA-2010-0019.NASL", "ORACLELINUX_ELSA-2010-0020.NASL", "ORACLELINUX_ELSA-2010-0046.NASL", "ORACLELINUX_ELSA-2010-0076.NASL", "ORACLELINUX_ELSA-2010-0178.NASL", "ORACLELINUX_ELSA-2010-0291.NASL", "ORACLELINUX_ELSA-2010-0394.NASL", "ORACLELINUX_ELSA-2010-0504.NASL", "ORACLELINUX_ELSA-2010-0606.NASL", "ORACLELINUX_ELSA-2010-0610.NASL", "ORACLELINUX_ELSA-2010-0723.NASL", "ORACLELINUX_ELSA-2012-13231.NASL", "ORACLEVM_OVMSA-2008-2005.NASL", "ORACLEVM_OVMSA-2008-2006.NASL", "ORACLEVM_OVMSA-2009-0017.NASL", "ORACLEVM_OVMSA-2013-0039.NASL", "REDHAT-RHSA-2008-0055.NASL", "REDHAT-RHSA-2008-0089.NASL", "REDHAT-RHSA-2008-0211.NASL", "REDHAT-RHSA-2008-0508.NASL", "REDHAT-RHSA-2008-0519.NASL", "REDHAT-RHSA-2008-0885.NASL", "REDHAT-RHSA-2008-0973.NASL", 
"REDHAT-RHSA-2009-0001.NASL", "REDHAT-RHSA-2009-0014.NASL", "REDHAT-RHSA-2009-1193.NASL", "REDHAT-RHSA-2009-1211.NASL", "REDHAT-RHSA-2009-1457.NASL", "REDHAT-RHSA-2009-1469.NASL", "REDHAT-RHSA-2010-0019.NASL", "REDHAT-RHSA-2010-0020.NASL", "REDHAT-RHSA-2010-0046.NASL", "REDHAT-RHSA-2010-0053.NASL", "REDHAT-RHSA-2010-0076.NASL", "REDHAT-RHSA-2010-0079.NASL", "REDHAT-RHSA-2010-0111.NASL", "REDHAT-RHSA-2010-0178.NASL", "REDHAT-RHSA-2010-0291.NASL", "REDHAT-RHSA-2010-0380.NASL", "REDHAT-RHSA-2010-0394.NASL", "REDHAT-RHSA-2010-0424.NASL", "REDHAT-RHSA-2010-0439.NASL", "REDHAT-RHSA-2010-0504.NASL", "REDHAT-RHSA-2010-0521.NASL", "REDHAT-RHSA-2010-0606.NASL", "REDHAT-RHSA-2010-0610.NASL", "REDHAT-RHSA-2010-0622.NASL", "REDHAT-RHSA-2010-0723.NASL", "REDHAT-RHSA-2010-0893.NASL", "REDHAT-RHSA-2010-0907.NASL", "SL_20080123_KERNEL_ON_SL5_X.NASL", "SL_20080131_KERNEL_ON_SL4_X.NASL", "SL_20080507_KERNEL_ON_SL3_X.NASL", "SL_20080625_KERNEL_ON_SL4_X.NASL", "SL_20080625_KERNEL_ON_SL5_X.NASL", "SL_20080924_KERNEL_ON_SL5_X.NASL", "SL_20081216_KERNEL_ON_SL3_X.NASL", "SL_20090114_KERNEL_ON_SL4_X.NASL", "SL_20090808_KERNEL_FOR_SL_5_X.NASL", "SL_20090813_KERNEL_ON_SL4_X.NASL", "SL_20100107_KERNEL_ON_SL4_X.NASL", "SL_20100107_KERNEL_ON_SL5_X.NASL", "SL_20100202_KERNEL_ON_SL4_X.NASL", "SL_20100330_GFS_KMOD_ON_SL_5_0.NASL", "SL_20100330_GFS_ON_SL3_X.NASL", "SL_20100505_KERNEL_ON_SL4_X.NASL", "SL_20100701_KERNEL_ON_SL5_X.NASL", "SL_20100805_KERNEL_ON_SL4_X.NASL", "SL_20100810_KERNEL_ON_SL5_X.NASL", "SUSE9_12636.NASL", "SUSE_11_0_KERNEL-080822.NASL", "SUSE_11_0_KERNEL-090814.NASL", "SUSE_11_0_KERNEL-100301.NASL", "SUSE_11_1_KERNEL-090709.NASL", "SUSE_11_1_KERNEL-090816.NASL", "SUSE_11_1_KERNEL-100107.NASL", "SUSE_11_1_KERNEL-100709.NASL", "SUSE_11_2_KERNEL-100921.NASL", "SUSE_11_KERNEL-090704.NASL", "SUSE_11_KERNEL-090708.NASL", "SUSE_11_KERNEL-090709.NASL", "SUSE_11_KERNEL-090816.NASL", "SUSE_11_KERNEL-100108.NASL", "SUSE_11_KERNEL-100109.NASL", "SUSE_11_KERNEL-100709.NASL", 
"SUSE_11_KERNEL-100903.NASL", "SUSE_KERNEL-4986.NASL", "SUSE_KERNEL-5336.NASL", "SUSE_KERNEL-5370.NASL", "SUSE_KERNEL-5375.NASL", "SUSE_KERNEL-5565.NASL", "SUSE_KERNEL-5566.NASL", "SUSE_KERNEL-5605.NASL", "SUSE_KERNEL-5608.NASL", "SUSE_KERNEL-6437.NASL", "SUSE_KERNEL-6439.NASL", "SUSE_KERNEL-6440.NASL", "SUSE_KERNEL-6925.NASL", "SUSE_KERNEL-6929.NASL", "SUSE_KERNEL-6986.NASL", "SUSE_KERNEL-7011.NASL", "SUSE_KERNEL-7015.NASL", "SUSE_KERNEL-7059.NASL", "SUSE_KERNEL-7063.NASL", "SUSE_KERNEL-7133.NASL", "SUSE_KERNEL-7137.NASL", "SUSE_SU-2013-1832-1.NASL", "SUSE_SU-2015-0812-1.NASL", "UBUNTU_USN-1000-1.NASL", "UBUNTU_USN-1083-1.NASL", "UBUNTU_USN-574-1.NASL", "UBUNTU_USN-578-1.NASL", "UBUNTU_USN-625-1.NASL", "UBUNTU_USN-637-1.NASL", "UBUNTU_USN-807-1.NASL", "UBUNTU_USN-894-1.NASL", "UBUNTU_USN-947-1.NASL", "UBUNTU_USN-947-2.NASL", "VMWARE_VMSA-2008-0011.NASL", "VMWARE_VMSA-2009-0014.NASL", "VMWARE_VMSA-2009-0014_REMOTE.NASL", "VMWARE_VMSA-2009-0016.NASL", "VMWARE_VMSA-2009-0016_REMOTE.NASL", "VMWARE_VMSA-2010-0009.NASL", "VMWARE_VMSA-2010-0009_REMOTE.NASL", "VMWARE_VMSA-2010-0016.NASL", "VMWARE_VMSA-2011-0003.NASL", "VMWARE_VMSA-2011-0003_REMOTE.NASL", "VMWARE_VMSA-2011-0009.NASL", "VMWARE_VMSA-2011-0009_REMOTE.NASL", "VMWARE_VMSA-2011-0012.NASL", "VMWARE_VMSA-2011-0012_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103449", "OPENVAS:103452", "OPENVAS:103454", "OPENVAS:103455", "OPENVAS:103468", "OPENVAS:1361412562310103449", "OPENVAS:1361412562310103452", "OPENVAS:1361412562310103454", "OPENVAS:1361412562310103455", "OPENVAS:1361412562310103468", "OPENVAS:1361412562310122315", "OPENVAS:1361412562310122332", "OPENVAS:1361412562310122349", "OPENVAS:1361412562310122369", "OPENVAS:1361412562310122375", "OPENVAS:1361412562310122396", "OPENVAS:1361412562310122403", "OPENVAS:1361412562310122460", "OPENVAS:1361412562310122555", "OPENVAS:1361412562310122573", "OPENVAS:1361412562310122613", "OPENVAS:136141256231063097", "OPENVAS:136141256231063132", 
"OPENVAS:136141256231063191", "OPENVAS:136141256231063245", "OPENVAS:136141256231063250", "OPENVAS:136141256231063344", "OPENVAS:136141256231064289", "OPENVAS:136141256231064291", "OPENVAS:136141256231064296", "OPENVAS:136141256231064376", "OPENVAS:136141256231064389", "OPENVAS:136141256231064483", "OPENVAS:136141256231064514", "OPENVAS:136141256231064555", "OPENVAS:136141256231064588", "OPENVAS:136141256231064599", "OPENVAS:136141256231064748", "OPENVAS:136141256231064761", "OPENVAS:136141256231064943", "OPENVAS:136141256231065175", "OPENVAS:136141256231065354", "OPENVAS:136141256231065695", "OPENVAS:136141256231065709", "OPENVAS:136141256231065814", "OPENVAS:136141256231065920", "OPENVAS:136141256231066954", "OPENVAS:136141256231067406", "OPENVAS:136141256231067981", "OPENVAS:1361412562310830517", "OPENVAS:1361412562310830626", "OPENVAS:1361412562310830886", "OPENVAS:1361412562310830939", "OPENVAS:1361412562310830961", "OPENVAS:1361412562310831024", "OPENVAS:1361412562310831170", "OPENVAS:1361412562310831196", "OPENVAS:1361412562310840383", "OPENVAS:1361412562310840440", "OPENVAS:1361412562310840441", "OPENVAS:1361412562310840523", "OPENVAS:1361412562310840605", "OPENVAS:1361412562310850121", "OPENVAS:1361412562310850129", "OPENVAS:1361412562310850137", "OPENVAS:1361412562310850143", "OPENVAS:1361412562310861615", "OPENVAS:1361412562310861715", "OPENVAS:1361412562310861742", "OPENVAS:1361412562310861964", "OPENVAS:1361412562310862161", "OPENVAS:1361412562310862250", "OPENVAS:1361412562310862301", "OPENVAS:1361412562310862344", "OPENVAS:1361412562310862366", "OPENVAS:1361412562310862415", "OPENVAS:1361412562310862703", "OPENVAS:1361412562310870022", "OPENVAS:1361412562310870042", "OPENVAS:1361412562310870087", "OPENVAS:1361412562310870100", "OPENVAS:1361412562310870138", "OPENVAS:1361412562310870141", "OPENVAS:1361412562310870168", "OPENVAS:1361412562310870200", "OPENVAS:1361412562310870203", "OPENVAS:1361412562310870210", "OPENVAS:1361412562310870213", 
"OPENVAS:1361412562310870251", "OPENVAS:1361412562310870263", "OPENVAS:1361412562310870284", "OPENVAS:1361412562310870303", "OPENVAS:1361412562310870308", "OPENVAS:1361412562310870328", "OPENVAS:1361412562310870842", "OPENVAS:1361412562310880015", "OPENVAS:1361412562310880043", "OPENVAS:1361412562310880049", "OPENVAS:1361412562310880060", "OPENVAS:1361412562310880079", "OPENVAS:1361412562310880082", "OPENVAS:1361412562310880141", "OPENVAS:1361412562310880156", "OPENVAS:1361412562310880346", "OPENVAS:1361412562310880349", "OPENVAS:1361412562310880417", "OPENVAS:1361412562310880569", "OPENVAS:1361412562310880573", "OPENVAS:1361412562310880617", "OPENVAS:1361412562310880643", "OPENVAS:1361412562310880648", "OPENVAS:1361412562310880777", "OPENVAS:1361412562310880928", "OPENVAS:1361412562310880937", "OPENVAS:1361412562310881511", "OPENVAS:60047", "OPENVAS:60437", "OPENVAS:60438", "OPENVAS:60498", "OPENVAS:61436", "OPENVAS:61594", "OPENVAS:63097", "OPENVAS:63132", "OPENVAS:63191", "OPENVAS:63245", "OPENVAS:63250", "OPENVAS:63344", "OPENVAS:64289", "OPENVAS:64291", "OPENVAS:64296", "OPENVAS:64376", "OPENVAS:64389", "OPENVAS:64483", "OPENVAS:64514", "OPENVAS:64555", "OPENVAS:64588", "OPENVAS:64599", "OPENVAS:64748", "OPENVAS:64761", "OPENVAS:64943", "OPENVAS:65175", "OPENVAS:65354", "OPENVAS:65695", "OPENVAS:65709", "OPENVAS:65814", "OPENVAS:65920", "OPENVAS:66954", "OPENVAS:67406", "OPENVAS:67981", "OPENVAS:830517", "OPENVAS:830626", "OPENVAS:830886", "OPENVAS:830939", "OPENVAS:830961", "OPENVAS:831024", "OPENVAS:831170", "OPENVAS:831196", "OPENVAS:840264", "OPENVAS:840307", "OPENVAS:840325", "OPENVAS:840330", "OPENVAS:840383", "OPENVAS:840440", "OPENVAS:840441", "OPENVAS:840523", "OPENVAS:840605", "OPENVAS:850002", "OPENVAS:850008", "OPENVAS:850019", "OPENVAS:850027", "OPENVAS:850033", "OPENVAS:850037", "OPENVAS:850121", "OPENVAS:850129", "OPENVAS:850137", "OPENVAS:850140", "OPENVAS:850143", "OPENVAS:861615", "OPENVAS:861715", "OPENVAS:861742", "OPENVAS:861964", 
"OPENVAS:862161", "OPENVAS:862250", "OPENVAS:862301", "OPENVAS:862344", "OPENVAS:862366", "OPENVAS:862415", "OPENVAS:862703", "OPENVAS:870022", "OPENVAS:870042", "OPENVAS:870087", "OPENVAS:870100", "OPENVAS:870138", "OPENVAS:870141", "OPENVAS:870168", "OPENVAS:870200", "OPENVAS:870203", "OPENVAS:870210", "OPENVAS:870213", "OPENVAS:870251", "OPENVAS:870263", "OPENVAS:870284", "OPENVAS:870303", "OPENVAS:870308", "OPENVAS:870328", "OPENVAS:870842", "OPENVAS:880015", "OPENVAS:880043", "OPENVAS:880049", "OPENVAS:880060", "OPENVAS:880079", "OPENVAS:880082", "OPENVAS:880141", "OPENVAS:880156", "OPENVAS:880346", "OPENVAS:880349", "OPENVAS:880417", "OPENVAS:880569", "OPENVAS:880573", "OPENVAS:880617", "OPENVAS:880643", "OPENVAS:880648", "OPENVAS:880777", "OPENVAS:880928", "OPENVAS:880937", "OPENVAS:881511"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0055", "ELSA-2008-0089", "ELSA-2008-0211", "ELSA-2008-0508", "ELSA-2008-0519", "ELSA-2008-0665", "ELSA-2008-0885", "ELSA-2008-0973", "ELSA-2009-0014", "ELSA-2009-0225", "ELSA-2009-1193", "ELSA-2009-1211", "ELSA-2009-1243", "ELSA-2010-0019", "ELSA-2010-0020", "ELSA-2010-0046", "ELSA-2010-0076", "ELSA-2010-0178", "ELSA-2010-0291", "ELSA-2010-0394", "ELSA-2010-0504", "ELSA-2010-0606", "ELSA-2010-0610", "ELSA-2010-0723", "ELSA-2011-0017"]}, {"type": "osv", "idList": ["OSV:DSA-1436-1", "OSV:DSA-1503-1", "OSV:DSA-1503-2", "OSV:DSA-1504-1", "OSV:DSA-1630-1", "OSV:DSA-1636-1", "OSV:DSA-1844-1", "OSV:DSA-1865-1", "OSV:DSA-2003-1", "OSV:DSA-2005-1", "OSV:DSA-2053-1", "OSV:DSA-2094-1"]}, {"type": "prion", "idList": ["PRION:CVE-2007-6206", "PRION:CVE-2007-6733", "PRION:CVE-2008-0598", "PRION:CVE-2008-3275", "PRION:CVE-2009-1389", "PRION:CVE-2009-4020", "PRION:CVE-2009-4537", "PRION:CVE-2009-4538", "PRION:CVE-2010-0727", "PRION:CVE-2010-1083", "PRION:CVE-2010-1088", "PRION:CVE-2010-1188", "PRION:CVE-2010-2521", "PRION:CVE-2012-2319"]}, {"type": "redhat", "idList": ["RHSA-2008:0055", "RHSA-2008:0089", "RHSA-2008:0211", "RHSA-2008:0508", 
"RHSA-2008:0519", "RHSA-2008:0787", "RHSA-2008:0857", "RHSA-2008:0885", "RHSA-2008:0973", "RHSA-2009:0001", "RHSA-2009:0009", "RHSA-2009:0014", "RHSA-2009:1157", "RHSA-2009:1193", "RHSA-2009:1211", "RHSA-2009:1457", "RHSA-2009:1469", "RHSA-2010:0019", "RHSA-2010:0020", "RHSA-2010:0041", "RHSA-2010:0046", "RHSA-2010:0053", "RHSA-2010:0076", "RHSA-2010:0079", "RHSA-2010:0095", "RHSA-2010:0111", "RHSA-2010:0178", "RHSA-2010:0291", "RHSA-2010:0330", "RHSA-2010:0331", "RHSA-2010:0380", "RHSA-2010:0394", "RHSA-2010:0424", "RHSA-2010:0439", "RHSA-2010:0440", "RHSA-2010:0504", "RHSA-2010:0521", "RHSA-2010:0606", "RHSA-2010:0610", "RHSA-2010:0622", "RHSA-2010:0631", "RHSA-2010:0723", "RHSA-2010:0882", "RHSA-2010:0893", "RHSA-2010:0907"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18707", "SECURITYVULNS:DOC:20387", "SECURITYVULNS:DOC:20515", "SECURITYVULNS:DOC:22139", "SECURITYVULNS:DOC:22217", "SECURITYVULNS:DOC:23463", "SECURITYVULNS:DOC:23925", "SECURITYVULNS:DOC:28091", "SECURITYVULNS:VULN:10053", "SECURITYVULNS:VULN:10626", "SECURITYVULNS:VULN:10715", "SECURITYVULNS:VULN:10869", "SECURITYVULNS:VULN:8485", "SECURITYVULNS:VULN:9235", "SECURITYVULNS:VULN:9285"]}, {"type": "seebug", "idList": ["SSV:11599", "SSV:15037", "SSV:18941", "SSV:19298", "SSV:19299", "SSV:19388", "SSV:19420", "SSV:19421", "SSV:20015", "SSV:2555", "SSV:2568", "SSV:3495", "SSV:4139"]}, {"type": "suse", "idList": ["SUSE-SA:2008:007", "SUSE-SA:2008:030", "SUSE-SA:2008:032", "SUSE-SA:2008:044", "SUSE-SA:2008:047", "SUSE-SA:2008:048", "SUSE-SA:2008:049", "SUSE-SA:2009:038", "SUSE-SA:2009:045", "SUSE-SA:2010:005", "SUSE-SA:2010:016", "SUSE-SA:2010:019", "SUSE-SA:2010:023", "SUSE-SA:2010:031", "SUSE-SA:2010:036", "SUSE-SA:2010:038", "SUSE-SA:2010:040", "SUSE-SA:2010:046", "SUSE-SU-2015:0812-1"]}, {"type": "ubuntu", "idList": ["USN-1000-1", "USN-1074-1", "USN-1074-2", "USN-1083-1", "USN-574-1", "USN-578-1", "USN-625-1", "USN-637-1", "USN-807-1", "USN-894-1", "USN-947-1", "USN-947-2"]}, {"type": 
"ubuntucve", "idList": ["UB:CVE-2007-6206", "UB:CVE-2007-6733", "UB:CVE-2008-0598", "UB:CVE-2008-3275", "UB:CVE-2009-1389", "UB:CVE-2009-4020", "UB:CVE-2009-4537", "UB:CVE-2009-4538", "UB:CVE-2010-0727", "UB:CVE-2010-1083", "UB:CVE-2010-1088", "UB:CVE-2010-1188", "UB:CVE-2010-2521", "UB:CVE-2012-2319"]}, {"type": "veracode", "idList": ["VERACODE:23320", "VERACODE:23376", "VERACODE:23414", "VERACODE:23731", "VERACODE:23899", "VERACODE:23945", "VERACODE:23992", "VERACODE:24000", "VERACODE:24123", "VERACODE:24253", "VERACODE:24255"]}, {"type": "vmware", "idList": ["VMSA-2008-0011", "VMSA-2008-0011.3", "VMSA-2009-0014", "VMSA-2009-0014.3", "VMSA-2009-0016", "VMSA-2009-0016.6", "VMSA-2010-0009", "VMSA-2010-0009.2", "VMSA-2010-0016", "VMSA-2010-0016.1", "VMSA-2010-0017.1", "VMSA-2011-0009", "VMSA-2011-0009.3", "VMSA-2011-0012", "VMSA-2011-0012.3"]}]}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2008:0211", "CESA-2008:0508", "CESA-2008:0519", "CESA-2008:0885", "CESA-2008:0973", "CESA-2009:0001-01", "CESA-2009:0014", "CESA-2009:1193", "CESA-2010:0019", "CESA-2010:0020", "CESA-2010:0046", "CESA-2010:0076", "CESA-2010:0394", "CESA-2010:0504", "CESA-2010:0606", "CESA-2010:0610", "CESA-2010:0723"]}, {"type": "checkpoint_security", "idList": ["CPS:SK44718"]}, {"type": "cve", "idList": ["CVE-2007-6206", "CVE-2007-6733"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2003-1:E3418"]}, {"type": "f5", "idList": ["SOL16479"]}, {"type": "fedora", "idList": ["FEDORA:101AF111631"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-ELSA-2008-0519/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-1193.NASL", "ORACLELINUX_ELSA-2010-0019.NASL", "ORACLEVM_OVMSA-2009-0017.NASL", "SUSE_KERNEL-5336.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103454", "OPENVAS:1361412562310840605", "OPENVAS:1361412562310861964", "OPENVAS:1361412562310870100", "OPENVAS:1361412562310870210", "OPENVAS:831196", "OPENVAS:840330", "OPENVAS:850129", "OPENVAS:870042"]}, 
{"type": "oraclelinux", "idList": ["ELSA-2008-0055", "ELSA-2008-0089", "ELSA-2008-0211", "ELSA-2008-0508", "ELSA-2008-0519", "ELSA-2008-0665", "ELSA-2008-0885", "ELSA-2008-0973", "ELSA-2009-0014", "ELSA-2009-0225", "ELSA-2009-1193", "ELSA-2009-1211", "ELSA-2010-0046", "ELSA-2010-0076", "ELSA-2010-0291", "ELSA-2010-0394", "ELSA-2010-0504", "ELSA-2010-0606", "ELSA-2010-0723"]}, {"type": "redhat", "idList": ["RHSA-2008:0089", "RHSA-2008:0508", "RHSA-2008:0519", "RHSA-2008:0885", "RHSA-2008:0973", "RHSA-2009:0014", "RHSA-2009:1193", "RHSA-2009:1211", "RHSA-2010:0046", "RHSA-2010:0178", "RHSA-2010:0331", "RHSA-2010:0394", "RHSA-2010:0424", "RHSA-2010:0606", "RHSA-2010:0723", "RHSA-2010:0907"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23463"]}, {"type": "seebug", "idList": ["SSV:19298"]}, {"type": "suse", "idList": ["SUSE-SA:2009:038"]}, {"type": "ubuntu", "idList": ["USN-1074-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-1088"]}, {"type": "vmware", "idList": ["VMSA-2010-0016.1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2009-4537", "epss": "0.054750000", "percentile": "0.919850000", "modified": "2023-03-15"}, {"cve": "CVE-2010-2521", "epss": "0.152010000", "percentile": "0.949330000", "modified": "2023-03-15"}, {"cve": "CVE-2008-0598", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2010-0727", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2007-6733", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2009-4020", "epss": "0.082760000", "percentile": "0.933260000", "modified": "2023-03-15"}, {"cve": "CVE-2010-1083", "epss": "0.000620000", "percentile": "0.241860000", "modified": "2023-03-15"}, {"cve": "CVE-2007-6206", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2010-1188", "epss": "0.048480000", "percentile": "0.914790000", "modified": "2023-03-15"}, {"cve": 
"CVE-2009-1389", "epss": "0.126830000", "percentile": "0.945330000", "modified": "2023-03-15"}, {"cve": "CVE-2008-3275", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2010-1088", "epss": "0.003300000", "percentile": "0.664340000", "modified": "2023-03-15"}], "vulnersScore": 0.6}, "_state": {"dependencies": 1701031813, "score": 1701032816, "epss": 0}, "_internal": {"score_hash": "7d43cfaf586e106487ef9b35ae1a399d"}, "pluginID": "1361412562310850140", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for kernel SUSE-SA:2010:036\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes various security issues and some bugs in the SUSE Linux\n Enterprise 9 kernel.\n\n Following security issues were fixed:\n CVE-2010-2521: A crafted NFS write request might have caused a buffer overwrite,\n potentially causing a kernel crash.\n\n CVE-2008-0598: The x86_64 copy_to_user implementation might have leaked kernel\n memory depending on specific user buffer setups.\n\n CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux kernel\n did not properly check the size of an Ethernet frame that exceeds the MTU,\n which allows remote attackers to (1) cause a denial of service (temporary\n network outage) via a packet with a crafted size, in conjunction with\n certain packets containing A characters and certain packets containing E\n characters; or (2) cause a denial of service (system crash) via a packet\n with a crafted size, in conjunction with certain packets containing '\\0'\n characters, related to the value of the status register and erroneous\n behavior associated with the RxMaxSize register. 
NOTE: this vulnerability\n exists because of an incorrect fix for CVE-2009-1389.\n\n CVE-2010-1188: Use-after-free vulnerability in net/ipv4/tcp_input.c in\n the Linux kernel 2.6 when IPV6_RECVPKTINFO is set on a listening socket,\n allowed remote attackers to cause a denial of service (kernel panic)\n via a SYN packet while the socket is in a listening (TCP_LISTEN) state,\n which is not properly handled causes the skb structure to be freed.\n\n CVE-2008-3275: The (1) real_lookup and (2) __lookup_hash functions\n in fs/namei.c in the vfs implementation in the Linux kernel did not\n prevent creation of a child dentry for a deleted (aka S_DEAD) directory,\n which allowed local users to cause a denial of service ("overflow" of\n the UBIFS orphan area) via a series of attempted file creations within\n deleted directories.\n\n CVE-2007-6733: The nfs_lock function in fs/nfs/file.c in the Linux kernel\n did not properly remove POSIX locks on files that are setgid without\n group-execute permission, which allows local users to cause a denial of\n service (BUG and system crash) by locking a file on an NFS filesystem and\n then changing this files permissions, a related issue to CVE-2010-0727.\n\n CVE-2007-6206: The do_coredump function in fs/exec.c in Linux kernel\n did not change the UID of a core dump file if it exists before a root\n process creates a core dump in the same location, which might have allowed\n local users to obtain sensitive information.\n\n CVE-2010-1088: fs/namei.c in the Linux kernel did not always follow NFS\n automount "sy ...\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"kernel on SUSE SLES 9\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850140\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 
16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-036\");\n script_cve_id(\"CVE-2007-6206\", \"CVE-2007-6733\", \"CVE-2008-0598\", \"CVE-2008-3275\", \"CVE-2009-1389\", \"CVE-2009-4020\", \"CVE-2009-4537\", \"CVE-2010-0727\", \"CVE-2010-1083\", \"CVE-2010-1088\", \"CVE-2010-1188\", \"CVE-2010-2521\");\n script_name(\"SuSE Update for kernel SUSE-SA:2010:036\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES9.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", 
rpm:\"kernel-syms~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp\", rpm:\"xen-kmp~3.0.4_2.6.5_7.323~0.2\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "SuSE Local Security Checks"}
{"nessus": [{"lastseen": "2023-12-04T14:38:23", "description": "This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel.\n\nThe following security issues were fixed :\n\n - A crafted NFS write request might have caused a buffer overwrite, potentially causing a kernel crash.\n (CVE-2010-2521)\n\n - The x86_64 copy_to_user implementation might have leaked kernel memory depending on specific user buffer setups.\n (CVE-2008-0598)\n\n - drivers/net/r8169.c in the r8169 driver in the Linux kernel did not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.\n (CVE-2009-4537)\n\n - Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 when IPV6_RECVPKTINFO is set on a listening socket, allowed remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled causes the skb structure to be freed. (CVE-2010-1188)\n\n - The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel did not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allowed local users to cause a denial of service ('overflow' of the UBIFS orphan area) via a series of attempted file creations within deleted directories. 
(CVE-2008-3275)\n\n - The nfs_lock function in fs/nfs/file.c in the Linux kernel did not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this files permissions, a related issue to CVE-2010-0727. (CVE-2007-6733)\n\n - The do_coredump function in fs/exec.c in Linux kernel did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might have allowed local users to obtain sensitive information. (CVE-2007-6206)\n\n - fs/namei.c in the Linux kernel did not always follow NFS automount 'symlinks,' which allowed attackers to have an unknown impact, related to LOOKUP_FOLLOW.\n (CVE-2010-1088)\n\n - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allowed remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020)\n\n - The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel did not clear the transfer buffer before returning to userspace when a USB command fails, which might have made it easier for physically proximate attackers to obtain sensitive information (kernel memory). 
(CVE-2010-1083)", "cvss3": {}, "published": "2010-08-27T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Linux kernel (YOU Patch Number 12636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6206", "CVE-2007-6733", "CVE-2008-0598", "CVE-2008-3275", "CVE-2009-1389", "CVE-2009-4020", "CVE-2009-4537", "CVE-2010-0727", "CVE-2010-1083", "CVE-2010-1088", "CVE-2010-1188", "CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12636.NASL", "href": "https://www.tenable.com/plugins/nessus/48901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48901);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6206\", \"CVE-2007-6733\", \"CVE-2008-0598\", \"CVE-2008-3275\", \"CVE-2009-1389\", \"CVE-2009-4020\", \"CVE-2009-4537\", \"CVE-2010-0727\", \"CVE-2010-1083\", \"CVE-2010-1088\", \"CVE-2010-1188\", \"CVE-2010-2521\");\n\n script_name(english:\"SuSE9 Security Update : Linux kernel (YOU Patch Number 12636)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes various security issues and some bugs in the SUSE\nLinux Enterprise 9 kernel.\n\nThe following security issues were fixed :\n\n - A crafted NFS write request might have caused a buffer\n overwrite, potentially causing a kernel crash.\n (CVE-2010-2521)\n\n - The x86_64 copy_to_user implementation might have leaked\n kernel memory depending on specific user buffer setups.\n (CVE-2008-0598)\n\n - 
drivers/net/r8169.c in the r8169 driver in the Linux\n kernel did not properly check the size of an Ethernet\n frame that exceeds the MTU, which allows remote\n attackers to (1) cause a denial of service (temporary\n network outage) via a packet with a crafted size, in\n conjunction with certain packets containing A characters\n and certain packets containing E characters; or (2)\n cause a denial of service (system crash) via a packet\n with a crafted size, in conjunction with certain packets\n containing '\\0' characters, related to the value of the\n status register and erroneous behavior associated with\n the RxMaxSize register. NOTE: this vulnerability exists\n because of an incorrect fix for CVE-2009-1389.\n (CVE-2009-4537)\n\n - Use-after-free vulnerability in net/ipv4/tcp_input.c in\n the Linux kernel 2.6 when IPV6_RECVPKTINFO is set on a\n listening socket, allowed remote attackers to cause a\n denial of service (kernel panic) via a SYN packet while\n the socket is in a listening (TCP_LISTEN) state, which\n is not properly handled causes the skb structure to be\n freed. (CVE-2010-1188)\n\n - The (1) real_lookup and (2) __lookup_hash functions in\n fs/namei.c in the vfs implementation in the Linux kernel\n did not prevent creation of a child dentry for a deleted\n (aka S_DEAD) directory, which allowed local users to\n cause a denial of service ('overflow' of the UBIFS\n orphan area) via a series of attempted file creations\n within deleted directories. (CVE-2008-3275)\n\n - The nfs_lock function in fs/nfs/file.c in the Linux\n kernel did not properly remove POSIX locks on files that\n are setgid without group-execute permission, which\n allows local users to cause a denial of service (BUG and\n system crash) by locking a file on an NFS filesystem and\n then changing this files permissions, a related issue to\n CVE-2010-0727. 
(CVE-2007-6733)\n\n - The do_coredump function in fs/exec.c in Linux kernel\n did not change the UID of a core dump file if it exists\n before a root process creates a core dump in the same\n location, which might have allowed local users to obtain\n sensitive information. (CVE-2007-6206)\n\n - fs/namei.c in the Linux kernel did not always follow NFS\n automount 'symlinks,' which allowed attackers to have an\n unknown impact, related to LOOKUP_FOLLOW.\n (CVE-2010-1088)\n\n - Stack-based buffer overflow in the hfs subsystem in the\n Linux kernel allowed remote attackers to have an\n unspecified impact via a crafted Hierarchical File\n System (HFS) filesystem, related to the hfs_readdir\n function in fs/hfs/dir.c. (CVE-2009-4020)\n\n - The processcompl_compat function in\n drivers/usb/core/devio.c in Linux kernel did not clear\n the transfer buffer before returning to userspace when a\n USB command fails, which might have made it easier for\n physically proximate attackers to obtain sensitive\n information (kernel memory). 
(CVE-2010-1083)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6206.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2007-6733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0598.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1389.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2010-0727/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2010-1188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2521.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12636.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2010/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-bigsmp-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-debug-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-default-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-smp-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-source-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-syms-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-um-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-xen-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"kernel-xenpae-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", 
reference:\"um-host-install-initrd-1.0-48.36\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"um-host-kernel-2.6.5-7.323\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"xen-kmp-3.0.4_2.6.5_7.323-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:40:56", "description": "This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious data corruption regression in NFS.\n\nThe following security issues were fixed :\n\n - drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. 
(CVE-2009-4537)\n\n - The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the Linux kernel allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.\n (CVE-2010-1086)\n\n - fs/namei.c in Linux kernel does not always follow NFS automount 'symlinks,' which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.\n (CVE-2010-1088)\n\n - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020)\n\n - The processcompl_compat function in drivers/usb/core/devio.c in the Linux kernel does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). (CVE-2010-1083)\n\n - drivers/connector/connector.c in the Linux kernel allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. 
(CVE-2010-0410)", "cvss3": {}, "published": "2010-05-07T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4020", "CVE-2009-4537", "CVE-2010-0410", "CVE-2010-1083", "CVE-2010-1086", "CVE-2010-1088"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7011.NASL", "href": "https://www.tenable.com/plugins/nessus/46252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46252);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4020\", \"CVE-2009-4537\", \"CVE-2010-0410\", \"CVE-2010-1083\", \"CVE-2010-1086\", \"CVE-2010-1088\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7011)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a several security issues and various bugs in the\nSUSE Linux Enterprise 10 SP 2 kernel. 
The bugs fixed include a serious\ndata corruption regression in NFS.\n\nThe following security issues were fixed :\n\n - drivers/net/r8169.c in the r8169 driver in the Linux\n kernel does not properly check the size of an Ethernet\n frame that exceeds the MTU, which allows remote\n attackers to (1) cause a denial of service (temporary\n network outage) via a packet with a crafted size, in\n conjunction with certain packets containing A characters\n and certain packets containing E characters; or (2)\n cause a denial of service (system crash) via a packet\n with a crafted size, in conjunction with certain packets\n containing '0' characters, related to the value of the\n status register and erroneous behavior associated with\n the RxMaxSize register. (CVE-2009-4537)\n\n - The ULE decapsulation functionality in\n drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the\n Linux kernel arlier allows attackers to cause a denial\n of service (infinite loop) via a crafted MPEG2-TS frame,\n related to an invalid Payload Pointer ULE.\n (CVE-2010-1086)\n\n - fs/namei.c in Linux kernel does not always follow NFS\n automount 'symlinks,' which allows attackers to have an\n unknown impact, related to LOOKUP_FOLLOW.\n (CVE-2010-1088)\n\n - Stack-based buffer overflow in the hfs subsystem in the\n Linux kernel allows remote attackers to have an\n unspecified impact via a crafted Hierarchical File\n System (HFS) filesystem, related to the hfs_readdir\n function in fs/hfs/dir.c. (CVE-2009-4020)\n\n - The processcompl_compat function in\n drivers/usb/core/devio.c in the Linux kernel does not\n clear the transfer buffer before returning to userspace\n when a USB command fails, which might make it easier for\n physically proximate attackers to obtain sensitive\n information (kernel memory). 
(CVE-2010-1083)\n\n - drivers/connector/connector.c in the Linux kernel allows\n local users to cause a denial of service (memory\n consumption and system crash) by sending the kernel many\n NETLINK_CONNECTOR messages. (CVE-2010-0410)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0410.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1088.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7011.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.42.10\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.42.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:17:37", "description": "This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious data corruption regression in NFS.\n\nThe following security issues were fixed :\n\n - drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. 
(CVE-2009-4537)\n\n - The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the Linux kernel allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.\n (CVE-2010-1086)\n\n - fs/namei.c in Linux kernel does not always follow NFS automount 'symlinks,' which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.\n (CVE-2010-1088)\n\n - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020)\n\n - The processcompl_compat function in drivers/usb/core/devio.c in the Linux kernel does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). (CVE-2010-1083)\n\n - drivers/connector/connector.c in the Linux kernel allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. 
(CVE-2010-0410)", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4020", "CVE-2009-4537", "CVE-2010-0410", "CVE-2010-1083", "CVE-2010-1086", "CVE-2010-1088"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7015.NASL", "href": "https://www.tenable.com/plugins/nessus/59148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59148);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4020\", \"CVE-2009-4537\", \"CVE-2010-0410\", \"CVE-2010-1083\", \"CVE-2010-1086\", \"CVE-2010-1088\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7015)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a several security issues and various bugs in the\nSUSE Linux Enterprise 10 SP 2 kernel. 
The bugs fixed include a serious\ndata corruption regression in NFS.\n\nThe following security issues were fixed :\n\n - drivers/net/r8169.c in the r8169 driver in the Linux\n kernel does not properly check the size of an Ethernet\n frame that exceeds the MTU, which allows remote\n attackers to (1) cause a denial of service (temporary\n network outage) via a packet with a crafted size, in\n conjunction with certain packets containing A characters\n and certain packets containing E characters; or (2)\n cause a denial of service (system crash) via a packet\n with a crafted size, in conjunction with certain packets\n containing '0' characters, related to the value of the\n status register and erroneous behavior associated with\n the RxMaxSize register. (CVE-2009-4537)\n\n - The ULE decapsulation functionality in\n drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the\n Linux kernel arlier allows attackers to cause a denial\n of service (infinite loop) via a crafted MPEG2-TS frame,\n related to an invalid Payload Pointer ULE.\n (CVE-2010-1086)\n\n - fs/namei.c in Linux kernel does not always follow NFS\n automount 'symlinks,' which allows attackers to have an\n unknown impact, related to LOOKUP_FOLLOW.\n (CVE-2010-1088)\n\n - Stack-based buffer overflow in the hfs subsystem in the\n Linux kernel allows remote attackers to have an\n unspecified impact via a crafted Hierarchical File\n System (HFS) filesystem, related to the hfs_readdir\n function in fs/hfs/dir.c. (CVE-2009-4020)\n\n - The processcompl_compat function in\n drivers/usb/core/devio.c in the Linux kernel does not\n clear the transfer buffer before returning to userspace\n when a USB command fails, which might make it easier for\n physically proximate attackers to obtain sensitive\n information (kernel memory). 
(CVE-2010-1083)\n\n - drivers/connector/connector.c in the Linux kernel allows\n local users to cause a denial of service (memory\n consumption and system crash) by sending the kernel many\n NETLINK_CONNECTOR messages. (CVE-2010-0410)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0410.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1088.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7015.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.42.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.42.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:43:08", "description": "This SUSE Linux Enterprise 10 SP3 kernel update fixes a severe regression introduced by previous bugfix updates that would corrupt NFSv4 mounted data.\n\nThe update also fixes several other bugs and following security issue :\n\n - drivers/net/r8169.c in the r8169 driver of Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the maximum transmission unit (MTU), which allows remote attackers to.\n (CVE-2009-4537)\n\n 1. cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or 2. cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register.\n\n - An information leak in 32bit emulation on x86_64 machines could disclose sensitive information to local attackers. 
(CVE-2008-0598)", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : the Linux kernel (x86_64) (ZYPP Patch Number 7063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0598", "CVE-2009-4537"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7063.NASL", "href": "https://www.tenable.com/plugins/nessus/59149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59149);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0598\", \"CVE-2009-4537\");\n\n script_name(english:\"SuSE 10 Security Update : the Linux kernel (x86_64) (ZYPP Patch Number 7063)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This SUSE Linux Enterprise 10 SP3 kernel update fixes a severe\nregression introduced by previous bugfix updates that would corrupt\nNFSv4 mounted data.\n\nThe update also fixes several other bugs and following security \nissue :\n\n - drivers/net/r8169.c in the r8169 driver of Linux kernel\n 2.6.32.3 and earlier does not properly check the size of\n an Ethernet frame that exceeds the maximum transmission\n unit (MTU), which allows remote attackers to.\n (CVE-2009-4537)\n\n 1. cause a denial of service (temporary network outage)\n via a packet with a crafted size, in conjunction with\n certain packets containing A characters and certain\n packets containing E characters; or 2. 
cause a denial of\n service (system crash) via a packet with a crafted size,\n in conjunction with certain packets containing '0'\n characters, related to the value of the status register\n and erroneous behavior associated with the RxMaxSize\n register.\n\n - An information leak in 32bit emulation on x86_64\n machines could disclose sensitive information to local\n attackers. (CVE-2008-0598)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0598.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4537.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7063.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the 
architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.66.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:23:20", "description": "drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial 
of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.", "cvss3": {}, "published": "2015-04-23T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (SOL16479)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1389", "CVE-2009-4537"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16479.NASL", "href": "https://www.tenable.com/plugins/nessus/83006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16479.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83006);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2009-1389\", \"CVE-2009-4537\");\n script_bugtraq_id(35281, 37521);\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (SOL16479)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a 
vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3\nand earlier does not properly check the size of an Ethernet frame that\nexceeds the MTU, which allows remote attackers to (1) cause a denial\nof service (temporary network outage) via a packet with a crafted\nsize, in conjunction with certain packets containing A characters and\ncertain packets containing E characters; or (2) cause a denial of\nservice (system crash) via a packet with a crafted size, in\nconjunction with certain packets containing '\\0' characters, related\nto the value of the status register and erroneous behavior associated\nwith the RxMaxSize register. NOTE: this vulnerability exists because\nof an incorrect fix for CVE-2009-1389.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16479\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16479.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16479\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.0.0-11.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.0.0-11.3.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.0.0-11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected 
modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:54:48", "description": "This SUSE Linux Enterprise 10 SP3 kernel update fixes a severe regression introduced by previous bugfix updates that would corrupt NFSv4 mounted data.\n\nThe update also fixes several other bugs and following security issue :\n\n - drivers/net/r8169.c in the r8169 driver of Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the maximum transmission unit (MTU), which allows remote attackers to.\n (CVE-2009-4537)\n\n 1. cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or 2. cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register.\n\n - An information leak in 32bit emulation on x86_64 machines could disclose sensitive information to local attackers. 
(CVE-2008-0598)", "cvss3": {}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (i386) (ZYPP Patch Number 7059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0598", "CVE-2009-4537"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7059.NASL", "href": "https://www.tenable.com/plugins/nessus/49871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49871);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0598\", \"CVE-2009-4537\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (i386) (ZYPP Patch Number 7059)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This SUSE Linux Enterprise 10 SP3 kernel update fixes a severe\nregression introduced by previous bugfix updates that would corrupt\nNFSv4 mounted data.\n\nThe update also fixes several other bugs and following security \nissue :\n\n - drivers/net/r8169.c in the r8169 driver of Linux kernel\n 2.6.32.3 and earlier does not properly check the size of\n an Ethernet frame that exceeds the maximum transmission\n unit (MTU), which allows remote attackers to.\n (CVE-2009-4537)\n\n 1. cause a denial of service (temporary network outage)\n via a packet with a crafted size, in conjunction with\n certain packets containing A characters and certain\n packets containing E characters; or 2. 
cause a denial of\n service (system crash) via a packet with a crafted size,\n in conjunction with certain packets containing '0'\n characters, related to the value of the status register\n and erroneous behavior associated with the RxMaxSize\n register.\n\n - An information leak in 32bit emulation on x86_64\n machines could disclose sensitive information to local\n attackers. (CVE-2008-0598)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0598.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4537.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7059.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the 
architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", 
reference:\"kernel-vmipae-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.66.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.66.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:41:00", "description": "Updated kernel packages that fix three security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fifth regular update.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note:\nThis issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important)\n\n* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic. 
(CVE-2010-0727, Moderate)\n\n* a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-4307, Low)\n\nThese updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.5 Release Notes for information on the most significant of these changes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Release_Notes/\n\nAlso, for details concerning every bug fixed in and every enhancement added to the kernel for this release, refer to the kernel chapter in the Red Hat Enterprise Linux 5.5 Technical Notes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kernel.html\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.5 Release Notes and Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-05-11T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2010:0178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6733", "CVE-2009-4026", "CVE-2009-4027", "CVE-2009-4307", "CVE-2010-0727", "CVE-2010-1188"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-pae", "p-cpe:/a:redhat:enterprise_linux:kernel-pae-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0178.NASL", "href": "https://www.tenable.com/plugins/nessus/46282", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0178. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46282);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6733\", \"CVE-2009-4026\", \"CVE-2009-4027\", \"CVE-2009-4307\", \"CVE-2010-0727\", \"CVE-2010-1188\");\n script_bugtraq_id(37170);\n script_xref(name:\"RHSA\", value:\"2010:0178\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0178)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues, address\nseveral hundred bugs, and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 5. This is the fifth regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a race condition was found in the mac80211 implementation, a\nframework used for writing drivers for wireless devices. An attacker\ncould trigger this flaw by sending a Delete Block ACK (DELBA) packet\nto a target system, resulting in a remote denial of service. Note:\nThis issue only affected users on 802.11n networks, and that also use\nthe iwlagn driver with Intel wireless hardware. (CVE-2009-4027,\nImportant)\n\n* a flaw was found in the gfs2_lock() implementation. 
The GFS2 locking\ncode could skip the lock operation for files that have the S_ISGID bit\n(set-group-ID on execution) in their mode set. A local, unprivileged\nuser on a system that has a GFS2 file system mounted could use this\nflaw to cause a kernel panic. (CVE-2010-0727, Moderate)\n\n* a divide-by-zero flaw was found in the ext4 file system code. A\nlocal attacker could use this flaw to cause a denial of service by\nmounting a specially crafted ext4 file system. (CVE-2009-4307, Low)\n\nThese updated packages also include several hundred bug fixes for and\nenhancements to the Linux kernel. Space precludes documenting each of\nthese changes in this advisory and users are directed to the Red Hat\nEnterprise Linux 5.5 Release Notes for information on the most\nsignificant of these changes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/\nRelease_Notes/\n\nAlso, for details concerning every bug fixed in and every enhancement\nadded to the kernel for this release, refer to the kernel chapter in\nthe Red Hat Enterprise Linux 5.5 Technical Notes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/\nTechnical_Notes/kernel.html\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which address these vulnerabilities as well as\nfixing the bugs and adding the enhancements noted in the Red Hat\nEnterprise Linux 5.5 Release Notes and Technical Notes. 
The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1188\"\n );\n # http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0178\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2007-6733\", \"CVE-2009-4026\", \"CVE-2009-4027\", \"CVE-2009-4307\", \"CVE-2010-0727\", \"CVE-2010-1188\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2010:0178\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0178\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-194.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-194.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-194.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:43:23", "description": "This kernel security update fixes lots of bugs and some", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5605)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0598", "CVE-2008-1673", "CVE-2008-3272", "CVE-2008-3275"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-5605.NASL", "href": "https://www.tenable.com/plugins/nessus/59130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59130);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0598\", 
\"CVE-2008-1673\", \"CVE-2008-3272\", \"CVE-2008-3275\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5605)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This kernel security update fixes lots of bugs and some\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0598.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1673.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3272.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3275.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5605.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.30\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.30\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.30\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:47:53", "description": "The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0178 advisory.\n\n - Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session. (CVE-2009-4027)\n\n - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307)\n\n - The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. 
(CVE-2010-0727)\n\n - Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed. (CVE-2010-1188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : Oracle / Enterprise / Linux / 5.5 / kernel (ELSA-2010-0178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4027", "CVE-2009-4307", "CVE-2010-0727", "CVE-2010-1188"], "modified": "2023-09-07T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:ocfs2-2.6.18-194.el5", "p-cpe:/a:oracle:linux:oracleasm-2.6.18-194.el5", "p-cpe:/a:oracle:linux:kernel-xen-devel", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:oracleasm-2.6.18-194.el5pae", "p-cpe:/a:oracle:linux:oracleasm-2.6.18-194.el5xen", "p-cpe:/a:oracle:linux:kernel-pae", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:ocfs2-2.6.18-194.el5pae", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:ocfs2-2.6.18-194.el5debug", "p-cpe:/a:oracle:linux:ocfs2-2.6.18-194.el5xen", "p-cpe:/a:oracle:linux:oracleasm-2.6.18-194.el5debug", "p-cpe:/a:oracle:linux:kernel-pae-devel"], "id": "ORACLELINUX_ELSA-2010-0178.NASL", "href": "https://www.tenable.com/plugins/nessus/180620", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2010-0178.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180620);\n 
script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2009-4027\",\n \"CVE-2009-4307\",\n \"CVE-2010-0727\",\n \"CVE-2010-1188\"\n );\n script_xref(name:\"IAVA\", value:\"2010-A-0001-S\");\n\n script_name(english:\"Oracle Linux 5 : Oracle / Enterprise / Linux / 5.5 / kernel (ELSA-2010-0178)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2010-0178 advisory.\n\n - Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote\n attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that\n triggers a certain state change in the absence of an aggregation session. (CVE-2009-4027)\n\n - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-\n assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed\n ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex\n value). (CVE-2009-4307)\n\n - The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in\n the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files\n that are setgid without group-execute permission, which allows local users to cause a denial of service\n (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this\n file's permissions. 
(CVE-2010-0727)\n\n - Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when\n IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service\n (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not\n properly handled and causes the skb structure to be freed. (CVE-2010-1188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2010-0178.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-1188\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocfs2-2.6.18-194.el5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocfs2-2.6.18-194.el5PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocfs2-2.6.18-194.el5debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocfs2-2.6.18-194.el5xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oracleasm-2.6.18-194.el5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oracleasm-2.6.18-194.el5PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oracleasm-2.6.18-194.el5debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oracleasm-2.6.18-194.el5xen\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.18-194.el5'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2010-0178');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this 
advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-headers-2.6.18-194.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.18'},\n {'reference':'kernel-2.6.18-194.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.18'},\n {'reference':'kernel-PAE-2.6.18-194.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-PAE-2.6.18'},\n {'reference':'kernel-PAE-devel-2.6.18-194.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-PAE-devel-2.6.18'},\n {'reference':'kernel-debug-2.6.18-194.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.18'},\n {'reference':'kernel-debug-devel-2.6.18-194.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.18'},\n {'reference':'kernel-devel-2.6.18-194.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.18'},\n {'reference':'kernel-xen-2.6.18-194.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-xen-2.6.18'},\n {'reference':'kernel-xen-devel-2.6.18-194.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-xen-devel-2.6.18'},\n {'reference':'ocfs2-2.6.18-194.el5-1.4.4-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-194.el5PAE-1.4.4-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-194.el5debug-1.4.4-1.el5', 'cpu':'i686', 
'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-194.el5xen-1.4.4-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-194.el5-2.0.5-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-194.el5PAE-2.0.5-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-194.el5debug-2.0.5-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-194.el5xen-2.0.5-1.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-2.6.18-194.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.18'},\n {'reference':'kernel-debug-2.6.18-194.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.18'},\n {'reference':'kernel-debug-devel-2.6.18-194.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.18'},\n {'reference':'kernel-devel-2.6.18-194.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.18'},\n {'reference':'kernel-headers-2.6.18-194.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.18'},\n {'reference':'kernel-xen-2.6.18-194.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-xen-2.6.18'},\n {'reference':'kernel-xen-devel-2.6.18-194.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-xen-devel-2.6.18'},\n {'reference':'ocfs2-2.6.18-194.el5-1.4.4-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-194.el5debug-1.4.4-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-2.6.18-194.el5xen-1.4.4-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-194.el5-2.0.5-1.el5', 
'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-194.el5debug-2.0.5-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oracleasm-2.6.18-194.el5xen-2.0.5-1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-PAE / kernel-PAE-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:15:56", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note:\nThis issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important)\n\n* a use-after-free flaw was found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic (denial of service). (CVE-2010-1188, Important)\n\n* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic (denial of service). (CVE-2010-0727, Moderate)\n\n* a divide-by-zero flaw was found in the ext4 file system code. 
A local attacker could use this flaw to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-4307, Low)\n\nBug fixes :\n\n* if a program that calls posix_fadvise() were compiled on x86, and then run on a 64-bit system, that program could experience various problems, including performance issues and the call to posix_fadvise() failing, causing the program to not run as expected or even abort.\nWith this update, when such programs attempt to call posix_fadvise() on 64-bit systems, sys32_fadvise64() is called instead, which resolves this issue. This update also fixes other 32-bit system calls that were mistakenly called on 64-bit systems (including systems running the kernel-xen kernel). (BZ#569597)\n\n* on some systems able to set a P-State limit via the BIOS, it was not possible to set the limit to a higher frequency if the system was rebooted while a low limit was set:\n'/sys/devices/system/cpu/cpu[x]/cpufreq/scaling_max_freq' would retain the low limit in these situations. With this update, limits are correctly set, even after being changed after a system reboot.\n(BZ#569727)\n\n* certain Intel ICH hardware (using the e1000e driver) has an NFS filtering capability that did not work as expected, causing memory corruption, which could lead to kernel panics, or other unexpected behavior. In a reported case, a panic occurred when running NFS connection tests. This update resolves this issue by disabling the filtering capability. (BZ#569797)\n\n* if 'open(/proc/[PID]/[xxxx])' was called at the same time the process was exiting, the call would fail with an EINVAL error (an incorrect error for this situation). With this update, the correct error, ENOENT, is returned in this situation. (BZ#571362)\n\n* multiqueue is used for transmitting data, but a single queue transmit ON/OFF scheme was used. 
This led to a race condition on systems with the bnx2x driver in situations where one queue became full, but not stopped, and the other queue enabled transmission. With this update, only a single queue is used. (BZ#576951)\n\n* the '/proc/sys/vm/mmap_min_addr' tunable helps prevent unprivileged users from creating new memory mappings below the minimum address. The sysctl value for mmap_min_addr could be changed by a process or user that has an effective user ID (euid) of 0, even if the process or user does not have the CAP_SYS_RAWIO capability. This update adds a capability check for the CAP_SYS_RAWIO capability before allowing the mmap_min_addr value to be changed. (BZ#577206)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2010:0380)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4027", "CVE-2009-4307", "CVE-2010-0727", "CVE-2010-1188"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-pae", "p-cpe:/a:redhat:enterprise_linux:kernel-pae-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2010-0380.NASL", "href": "https://www.tenable.com/plugins/nessus/63932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0380. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63932);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4027\", \"CVE-2009-4307\", \"CVE-2010-0727\", \"CVE-2010-1188\");\n script_bugtraq_id(37170, 39016, 39101);\n script_xref(name:\"RHSA\", value:\"2010:0380\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0380)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.4 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* a race condition was found in the mac80211 implementation, a\nframework used for writing drivers for wireless devices. An attacker\ncould trigger this flaw by sending a Delete Block ACK (DELBA) packet\nto a target system, resulting in a remote denial of service. Note:\nThis issue only affected users on 802.11n networks, and that also use\nthe iwlagn driver with Intel wireless hardware. 
(CVE-2009-4027,\nImportant)\n\n* a use-after-free flaw was found in the tcp_rcv_state_process()\nfunction in the Linux kernel TCP/IP protocol suite implementation. If\na system using IPv6 had the IPV6_RECVPKTINFO option set on a listening\nsocket, a remote attacker could send an IPv6 packet to that system,\ncausing a kernel panic (denial of service). (CVE-2010-1188, Important)\n\n* a flaw was found in the gfs2_lock() implementation. The GFS2 locking\ncode could skip the lock operation for files that have the S_ISGID bit\n(set-group-ID on execution) in their mode set. A local, unprivileged\nuser on a system that has a GFS2 file system mounted could use this\nflaw to cause a kernel panic (denial of service). (CVE-2010-0727,\nModerate)\n\n* a divide-by-zero flaw was found in the ext4 file system code. A\nlocal attacker could use this flaw to cause a denial of service by\nmounting a specially crafted ext4 file system. (CVE-2009-4307, Low)\n\nBug fixes :\n\n* if a program that calls posix_fadvise() were compiled on x86, and\nthen run on a 64-bit system, that program could experience various\nproblems, including performance issues and the call to posix_fadvise()\nfailing, causing the program to not run as expected or even abort.\nWith this update, when such programs attempt to call posix_fadvise()\non 64-bit systems, sys32_fadvise64() is called instead, which resolves\nthis issue. This update also fixes other 32-bit system calls that were\nmistakenly called on 64-bit systems (including systems running the\nkernel-xen kernel). (BZ#569597)\n\n* on some systems able to set a P-State limit via the BIOS, it was not\npossible to set the limit to a higher frequency if the system was\nrebooted while a low limit was set:\n'/sys/devices/system/cpu/cpu[x]/cpufreq/scaling_max_freq' would retain\nthe low limit in these situations. 
With this update, limits are\ncorrectly set, even after being changed after a system reboot.\n(BZ#569727)\n\n* certain Intel ICH hardware (using the e1000e driver) has an NFS\nfiltering capability that did not work as expected, causing memory\ncorruption, which could lead to kernel panics, or other unexpected\nbehavior. In a reported case, a panic occurred when running NFS\nconnection tests. This update resolves this issue by disabling the\nfiltering capability. (BZ#569797)\n\n* if 'open(/proc/[PID]/[xxxx])' was called at the same time the\nprocess was exiting, the call would fail with an EINVAL error (an\nincorrect error for this situation). With this update, the correct\nerror, ENOENT, is returned in this situation. (BZ#571362)\n\n* multiqueue is used for transmitting data, but a single queue\ntransmit ON/OFF scheme was used. This led to a race condition on\nsystems with the bnx2x driver in situations where one queue became\nfull, but not stopped, and the other queue enabled transmission. With\nthis update, only a single queue is used. (BZ#576951)\n\n* the '/proc/sys/vm/mmap_min_addr' tunable helps prevent unprivileged\nusers from creating new memory mappings below the minimum address. The\nsysctl value for mmap_min_addr could be changed by a process or user\nthat has an effective user ID (euid) of 0, even if the process or user\ndoes not have the CAP_SYS_RAWIO capability. This update adds a\ncapability check for the CAP_SYS_RAWIO capability before allowing the\nmmap_min_addr value to be changed. (BZ#577206)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-4027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-4307.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0727.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0380.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-2.6.18-164.17.1.el5\")) 
flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", reference:\"kernel-doc-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-164.17.1.el5\")) flag++;\nif 
(rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-164.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-164.17.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:42:10", "description": "This kernel security update fixes lots of bugs and some", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux Kernel (x86) (ZYPP Patch Number 5565)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0598", "CVE-2008-1673", "CVE-2008-3272", "CVE-2008-3275"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-5565.NASL", "href": "https://www.tenable.com/plugins/nessus/41534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41534);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0598\", \"CVE-2008-1673\", \"CVE-2008-3272\", \"CVE-2008-3275\");\n\n script_name(english:\"SuSE 10 Security Update : Linux Kernel (x86) (ZYPP Patch Number 5565)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\"This kernel security update fixes lots of bugs and some\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0598.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1673.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3272.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3275.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5565.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", 
sp:2, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.29\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:45:34", "description": "It was discovered that there were multiple NULL pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. (CVE-2008-2812)\n\nThe do_change_type routine did not correctly validate administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931)\n\nTobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272)\n\nZoltan Sogor discovered that new directory entries could be added to already deleted directories. 
A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service. (CVE-2008-3275)\n\nIn certain situations, the fix for CVE-2008-0598 from USN-623-1 was causing infinite loops in the writev syscall. This update corrects the mistake. We apologize for the inconvenience.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-08-26T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-637-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0598", "CVE-2008-2812", "CVE-2008-2931", "CVE-2008-3272", "CVE-2008-3275"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.20", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual", 
"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.20", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-637-1.NASL", "href": "https://www.tenable.com/plugins/nessus/34048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-637-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34048);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-0598\", \"CVE-2008-2812\", \"CVE-2008-2931\", \"CVE-2008-3272\", \"CVE-2008-3275\");\n script_bugtraq_id(30076, 30126, 30559, 30647);\n script_xref(name:\"USN\", value:\"637-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-637-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were multiple NULL pointer function\ndereferences in the Linux kernel terminal handling code. A local\nattacker could exploit this to execute arbitrary code as root, or\ncrash the system, leading to a denial of service. (CVE-2008-2812)\n\nThe do_change_type routine did not correctly validation administrative\nusers. A local attacker could exploit this to block mount points or\ncause private mounts to be shared, leading to denial of service or a\npossible loss of privacy. (CVE-2008-2931)\n\nTobias Klein discovered that the OSS interface through ALSA did not\ncorrectly validate the device number. A local attacker could exploit\nthis to access sensitive kernel memory, leading to a denial of service\nor a loss of privacy. 
(CVE-2008-3272)\n\nZoltan Sogor discovered that new directory entries could be added to\nalready deleted directories. A local attacker could exploit this,\nfilling up available memory and disk space, leading to a denial of\nservice. (CVE-2008-3275)\n\nIn certain situations, the fix for CVE-2008-0598 from USN-623-1 was\ncausing infinite loops in the writev syscall. This update corrects the\nmistake. We apologize for the inconvenience.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/637-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2021 Canonical, Inc. / NASL script (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-0598\", \"CVE-2008-2812\", \"CVE-2008-2931\", \"CVE-2008-3272\", \"CVE-2008-3275\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-637-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc-2.6.15\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-52\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-52-386\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-52-686\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-52-amd64-generic\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-52-amd64-k8\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-52-amd64-server\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-52-amd64-xeon\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", 
pkgname:\"linux-headers-2.6.15-52-server\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-52-386\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-52-686\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-52-amd64-generic\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-52-amd64-k8\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-52-amd64-server\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-52-amd64-xeon\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-52-server\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source-2.6.15\", pkgver:\"2.6.15-52.71\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-doc-2.6.20\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-17\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-17-386\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-17-generic\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-17-lowlatency\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-17-server\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-2.6.20-17-386\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-2.6.20-17-generic\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", 
pkgname:\"linux-image-2.6.20-17-lowlatency\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-2.6.20-17-server\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-debug-2.6.20-17-386\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-debug-2.6.20-17-generic\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-debug-2.6.20-17-lowlatency\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-debug-2.6.20-17-server\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-source-2.6.20\", pkgver:\"2.6.20-17.39\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-doc-2.6.22\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-15\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-15-386\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-15-generic\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-15-rt\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-15-server\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-15-ume\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-15-virtual\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-15-xen\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", 
pkgname:\"linux-image-2.6.22-15-386\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-cell\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-generic\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-lpia\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-lpiacompat\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-rt\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-server\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-ume\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-virtual\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-15-xen\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-15-386\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-15-generic\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-15-server\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-15-virtual\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-source-2.6.22\", pkgver:\"2.6.22-15.58\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-doc-2.6.24\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-19\", 
pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-19-386\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-19-generic\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-19-openvz\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-19-rt\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-19-server\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-19-virtual\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-19-xen\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-386\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-generic\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-lpia\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-lpiacompat\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-openvz\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-rt\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-server\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-virtual\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-19-xen\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-19-386\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-19-generic\", 
pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-19-server\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-19-virtual\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.24-19.41\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-source-2.6.24\", pkgver:\"2.6.24-19.41\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.15 / linux-doc-2.6.20 / linux-doc-2.6.22 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:20:08", "description": "This updated gfs-kmod is already in SL 5.5.\n\nA flaw was found in the gfs_lock() implementation. The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727)\n\nThese updated gfs-kmod packages are in sync with the latest kernel (2.6.18-194.el5). The modules in earlier gfs-kmod packages failed to load because they did not match the running kernel. It was possible to force-load the modules. With this update, however, users no longer need to.\n\nThese updated gfs-kmod packages also fix the following bugs :\n\n - when SELinux was in permissive mode, a race condition during file creation could have caused one or more cluster nodes to be fenced and lock the remaining nodes out of the GFS file system. This race condition no longer occurs with this update. 
(BZ#471258)\n\n - when ACLs (Access Control Lists) are enabled on a GFS file system, if a transaction that has started to do a write request does not have enough spare blocks for the operation it causes a kernel panic. This update ensures that there are enough blocks for the write request before starting the operation. (BZ#513885)\n\n - requesting a 'flock' on a file in GFS in either read-only or read-write mode would sometimes cause a 'Resource temporarily unavailable' state error (error 11 for EWOULDBLOCK) to occur. In these cases, a flock could not be obtained on the file in question. This has been fixed with this update so that flocks can successfully be obtained on GFS files without this error occurring.\n (BZ#515717)\n\n - the GFS withdraw function is a data integrity feature of GFS file systems in a cluster. If the GFS kernel module detects an inconsistency in a GFS file system following an I/O operation, the file system becomes unavailable to the cluster. The GFS withdraw function is less severe than a kernel panic, which would cause another node to fence the node. With this update, you can override the GFS withdraw function by mounting the file system with the '-o errors=panic' option specified. When this option is specified, any errors that would normally cause the system to withdraw cause the system to panic instead.\n This stops the node's cluster communications, which causes the node to be fenced. (BZ#517145)\n\nFinally, these updated gfs-kmod packages provide the following enhancement :\n\n - the GFS kernel modules have been updated to use the new generic freeze and unfreeze ioctl interface that is also supported by the following file systems: ext3, ext4, GFS2, JFS and ReiserFS. With this update, GFS supports freeze/unfreeze through the VFS-level FIFREEZE/FITHAW ioctl interface. 
(BZ#487610)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gfs-kmod on SL 5.0-5.4 i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0727"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100330_GFS_KMOD_ON_SL_5_0.NASL", "href": "https://www.tenable.com/plugins/nessus/60768", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60768);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0727\");\n\n script_name(english:\"Scientific Linux Security Update : gfs-kmod on SL 5.0-5.4 i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updated gfs-kmod is already in SL 5.5.\n\nA flaw was found in the gfs_lock() implementation. The GFS locking\ncode could skip the lock operation for files that have the S_ISGID bit\n(set-group-ID on execution) in their mode set. A local, unprivileged\nuser on a system that has a GFS file system mounted could use this\nflaw to cause a kernel panic. (CVE-2010-0727)\n\nThese updated gfs-kmod packages are in sync with the latest kernel\n(2.6.18-194.el5). The modules in earlier gfs-kmod packages failed to\nload because they did not match the running kernel. It was possible to\nforce-load the modules. 
With this update, however, users no longer\nneed to.\n\nThese updated gfs-kmod packages also fix the following bugs :\n\n - when SELinux was in permissive mode, a race condition\n during file creation could have caused one or more\n cluster nodes to be fenced and lock the remaining nodes\n out of the GFS file system. This race condition no\n longer occurs with this update. (BZ#471258)\n\n - when ACLs (Access Control Lists) are enabled on a GFS\n file system, if a transaction that has started to do a\n write request does not have enough spare blocks for the\n operation it causes a kernel panic. This update ensures\n that there are enough blocks for the write request\n before starting the operation. (BZ#513885)\n\n - requesting a 'flock' on a file in GFS in either\n read-only or read-write mode would sometimes cause a\n 'Resource temporarily unavailable' state error (error 11\n for EWOULDBLOCK) to occur. In these cases, a flock could\n not be obtained on the file in question. This has been\n fixed with this update so that flocks can successfully\n be obtained on GFS files without this error occurring.\n (BZ#515717)\n\n - the GFS withdraw function is a data integrity feature of\n GFS file systems in a cluster. If the GFS kernel module\n detects an inconsistency in a GFS file system following\n an I/O operation, the file system becomes unavailable to\n the cluster. The GFS withdraw function is less severe\n than a kernel panic, which would cause another node to\n fence the node. With this update, you can override the\n GFS withdraw function by mounting the file system with\n the '-o errors=panic' option specified. When this option\n is specified, any errors that would normally cause the\n system to withdraw cause the system to panic instead.\n This stops the node's cluster communications, which\n causes the node to be fenced. 
(BZ#517145)\n\nFinally, these updated gfs-kmod packages provide the following\nenhancement :\n\n - the GFS kernel modules have been updated to use the new\n generic freeze and unfreeze ioctl interface that is also\n supported by the following file systems: ext3, ext4,\n GFS2, JFS and ReiserFS. With this update, GFS supports\n freeze/unfreeze through the VFS-level FIFREEZE/FITHAW\n ioctl interface. (BZ#487610)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=471258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=487610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=515717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=517145\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1005&L=scientific-linux-errata&T=0&P=1546\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6312d736\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kmod-gfs, kmod-gfs-PAE and / or kmod-gfs-xen\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kmod-gfs-0.1.34-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kmod-gfs-PAE-0.1.34-12.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kmod-gfs-xen-0.1.34-12.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:47:51", "description": "Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :\n\nThe gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) 
GFS or (2) GFS2 filesystem, and then changing this file's permissions. (CVE-2010-0727)\n\nThe do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. (CVE-2010-0415)\n\ndrivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. (CVE-2009-4538)\n\nThe load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. 
(CVE-2010-0307)\n\nAdditionally, support was added for some backlight models used in Samsung laptops, along with fixes to detect Saitek X52 joysticks.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate", "cvss3": {}, "published": "2010-07-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : kernel (MDVSA-2010:066)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0307", "CVE-2010-0415", "CVE-2010-0727"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:lzma-kernel-server-latest", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-server-latest", "p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-desktop586-2mnb", 
"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:em8300-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:em8300-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:em8300-kernel-server-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:kernel-2.6.31.12-2mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-2.6.31.12-2mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.31.12-2mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest", "p-cpe:/a:mandriva:linux:kernel-desktop-latest", "p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.31.12-2mnb", "p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.31.12-2mnb", "p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest", "p-cpe:/a:mandriva:linux:kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:kernel-doc", "p-cpe:/a:mandriva:linux:kernel-server-2.6.31.12-2mnb", 
"p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.31.12-2mnb", "p-cpe:/a:mandriva:linux:kernel-server-devel-latest", "p-cpe:/a:mandriva:linux:kernel-server-latest", "p-cpe:/a:mandriva:linux:kernel-source-2.6.31.12-2mnb", "p-cpe:/a:mandriva:linux:kernel-source-latest", "p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest", 
"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-server-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest", "p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:libafs-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:libafs-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:libafs-kernel-server-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-desktop586-2mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-server-latest", "p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-desktop-2mnb", "p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-desktop586-2mnb", 
"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-server-2mnb", "p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest", "cpe:/o:mandriva:linux:2010.0"], "id": "MANDRIVA_MDVSA-2010-066.NASL", "href": "https://www.tenable.com/plugins/nessus/48176", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:066. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48176);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-4538\", \"CVE-2010-0307\", \"CVE-2010-0415\", \"CVE-2010-0727\");\n script_bugtraq_id(37523, 38027, 38144);\n script_xref(name:\"MDVSA\", value:\"2010:066\");\n\n script_name(english:\"Mandriva Linux Security Advisory : kernel (MDVSA-2010:066)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some vulnerabilities were discovered and corrected in the Linux 2.6\nkernel :\n\nThe gfs2_lock function in the Linux kernel before\n2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux\nkernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly\nremove POSIX locks on files that are setgid without group-execute\npermission, which allows local users to cause a denial of service (BUG\nand system crash) by locking a file on a (1) GFS or (2) GFS2\nfilesystem, and then changing this file's permissions. 
(CVE-2010-0727)\n\nThe do_pages_move function in mm/migrate.c in the Linux kernel before\n2.6.33-rc7 does not validate node values, which allows local users to\nread arbitrary kernel memory locations, cause a denial of service\n(OOPS), and possibly have unspecified other impact by specifying a\nnode that is not part of the kernel's node set. (CVE-2010-0415)\n\ndrivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel\n2.6.32.3 and earlier does not properly check the size of an Ethernet\nframe that exceeds the MTU, which allows remote attackers to have an\nunspecified impact via crafted packets, a related issue to\nCVE-2009-4537. (CVE-2009-4538)\n\nThe load_elf_binary function in fs/binfmt_elf.c in the Linux kernel\nbefore 2.6.32.8 on the x86_64 platform does not ensure that the ELF\ninterpreter is available before a call to the SET_PERSONALITY macro,\nwhich allows local users to cause a denial of service (system crash)\nvia a 32-bit application that attempts to execute a 64-bit application\nand then triggers a segmentation fault, as demonstrated by\namd64_killer, related to the flush_old_exec function. 
(CVE-2010-0307)\n\nAditionally, it was added support for some backlight models used in\nSamsung laptops and fixes to detect Saitek X52 joysticks.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-desktop-latest\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-2.6.31.12-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-2.6.31.12-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.31.12-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.31.12-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.31.12-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-2.6.31.12-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.31.12-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-2.6.31.12-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-latest\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-server-latest\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-server-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-desktop-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-desktop586-2mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-server-2mnb\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"broadcom-wl-kernel-2.6.31.12-desktop-2mnb-5.10.91.9-2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"broadcom-wl-kernel-2.6.31.12-desktop586-2mnb-5.10.91.9-2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"broadcom-wl-kernel-2.6.31.12-server-2mnb-5.10.91.9-2mdv2010.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"broadcom-wl-kernel-desktop-latest-5.10.91.9-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"broadcom-wl-kernel-desktop586-latest-5.10.91.9-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"broadcom-wl-kernel-server-latest-5.10.91.9-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"em8300-kernel-2.6.31.12-desktop-2mnb-0.17.4-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"em8300-kernel-2.6.31.12-desktop586-2mnb-0.17.4-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"em8300-kernel-2.6.31.12-server-2mnb-0.17.4-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"em8300-kernel-desktop-latest-0.17.4-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"em8300-kernel-desktop586-latest-0.17.4-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"em8300-kernel-server-latest-0.17.4-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"fglrx-kernel-2.6.31.12-desktop-2mnb-8.650-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"fglrx-kernel-2.6.31.12-desktop586-2mnb-8.650-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"fglrx-kernel-2.6.31.12-server-2mnb-8.650-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"fglrx-kernel-desktop-latest-8.650-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"fglrx-kernel-desktop586-latest-8.650-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", reference:\"fglrx-kernel-server-latest-8.650-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.31.12-desktop-2mnb-1.19-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.31.12-desktop586-2mnb-1.19-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.31.12-server-2mnb-1.19-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-desktop-latest-1.19-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-desktop586-latest-1.19-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-server-latest-1.19-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"hsfmodem-kernel-2.6.31.12-desktop-2mnb-7.80.02.05-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"hsfmodem-kernel-2.6.31.12-desktop586-2mnb-7.80.02.05-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"hsfmodem-kernel-2.6.31.12-server-2mnb-7.80.02.05-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"hsfmodem-kernel-desktop-latest-7.80.02.05-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"hsfmodem-kernel-desktop586-latest-7.80.02.05-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"hsfmodem-kernel-server-latest-7.80.02.05-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-2.6.31.12-2mnb-1-1mnb2\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", reference:\"kernel-desktop-2.6.31.12-2mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-desktop-devel-2.6.31.12-2mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-desktop-devel-latest-2.6.31.12-2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-desktop-latest-2.6.31.12-2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"kernel-desktop586-2.6.31.12-2mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"kernel-desktop586-devel-2.6.31.12-2mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"kernel-desktop586-devel-latest-2.6.31.12-2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"kernel-desktop586-latest-2.6.31.12-2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-doc-2.6.31.12-2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-server-2.6.31.12-2mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-server-devel-2.6.31.12-2mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-server-devel-latest-2.6.31.12-2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-server-latest-2.6.31.12-2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-source-2.6.31.12-2mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"kernel-source-latest-2.6.31.12-2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"libafs-kernel-2.6.31.12-desktop-2mnb-1.4.11-2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libafs-kernel-2.6.31.12-desktop586-2mnb-1.4.11-2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"libafs-kernel-2.6.31.12-server-2mnb-1.4.11-2mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", reference:\"libafs-kernel-desktop-latest-1.4.11-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libafs-kernel-desktop586-latest-1.4.11-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"libafs-kernel-server-latest-1.4.11-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lirc-kernel-2.6.31.12-desktop-2mnb-0.8.6-2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"lirc-kernel-2.6.31.12-desktop586-2mnb-0.8.6-2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lirc-kernel-2.6.31.12-server-2mnb-0.8.6-2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lirc-kernel-desktop-latest-0.8.6-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"lirc-kernel-desktop586-latest-0.8.6-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lirc-kernel-server-latest-0.8.6-1.20100322.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lzma-kernel-2.6.31.12-desktop-2mnb-4.43-28mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"lzma-kernel-2.6.31.12-desktop586-2mnb-4.43-28mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lzma-kernel-2.6.31.12-server-2mnb-4.43-28mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lzma-kernel-desktop-latest-4.43-1.20100322.28mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"lzma-kernel-desktop586-latest-4.43-1.20100322.28mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"lzma-kernel-server-latest-4.43-1.20100322.28mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"madwifi-kernel-2.6.31.12-desktop-2mnb-0.9.4-4.r4068mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"madwifi-kernel-2.6.31.12-desktop586-2mnb-0.9.4-4.r4068mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"madwifi-kernel-2.6.31.12-server-2mnb-0.9.4-4.r4068mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"madwifi-kernel-desktop-latest-0.9.4-1.20100322.4.r4068mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"madwifi-kernel-desktop586-latest-0.9.4-1.20100322.4.r4068mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"madwifi-kernel-server-latest-0.9.4-1.20100322.4.r4068mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia-current-kernel-2.6.31.12-desktop-2mnb-185.18.36-4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"nvidia-current-kernel-2.6.31.12-desktop586-2mnb-185.18.36-4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia-current-kernel-2.6.31.12-server-2mnb-185.18.36-4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia-current-kernel-desktop-latest-185.18.36-1.20100322.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"nvidia-current-kernel-desktop586-latest-185.18.36-1.20100322.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia-current-kernel-server-latest-185.18.36-1.20100322.4mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia173-kernel-2.6.31.12-desktop-2mnb-173.14.20-7mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"nvidia173-kernel-2.6.31.12-desktop586-2mnb-173.14.20-7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia173-kernel-2.6.31.12-server-2mnb-173.14.20-7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia173-kernel-desktop-latest-173.14.20-1.20100322.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"nvidia173-kernel-desktop586-latest-173.14.20-1.20100322.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia173-kernel-server-latest-173.14.20-1.20100322.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia96xx-kernel-2.6.31.12-desktop-2mnb-96.43.13-7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"nvidia96xx-kernel-2.6.31.12-desktop586-2mnb-96.43.13-7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia96xx-kernel-2.6.31.12-server-2mnb-96.43.13-7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia96xx-kernel-desktop-latest-96.43.13-1.20100322.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"nvidia96xx-kernel-desktop586-latest-96.43.13-1.20100322.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"nvidia96xx-kernel-server-latest-96.43.13-1.20100322.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"slmodem-kernel-2.6.31.12-desktop-2mnb-2.9.11-0.20080817.4.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"slmodem-kernel-2.6.31.12-desktop586-2mnb-2.9.11-0.20080817.4.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", 
reference:\"slmodem-kernel-2.6.31.12-server-2mnb-2.9.11-0.20080817.4.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"slmodem-kernel-desktop-latest-2.9.11-1.20100322.0.20080817.4.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"slmodem-kernel-desktop586-latest-2.9.11-1.20100322.0.20080817.4.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"slmodem-kernel-server-latest-2.9.11-1.20100322.0.20080817.4.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"squashfs-lzma-kernel-2.6.31.12-desktop-2mnb-3.3-11mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"squashfs-lzma-kernel-2.6.31.12-desktop586-2mnb-3.3-11mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"squashfs-lzma-kernel-2.6.31.12-server-2mnb-3.3-11mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"squashfs-lzma-kernel-desktop-latest-3.3-1.20100322.11mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"squashfs-lzma-kernel-desktop586-latest-3.3-1.20100322.11mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"squashfs-lzma-kernel-server-latest-3.3-1.20100322.11mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"vboxadditions-kernel-2.6.31.12-desktop-2mnb-3.0.8-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"vboxadditions-kernel-2.6.31.12-desktop586-2mnb-3.0.8-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"vboxadditions-kernel-2.6.31.12-server-2mnb-3.0.8-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"vboxadditions-kernel-desktop-latest-3.0.8-1.20100322.1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"vboxadditions-kernel-desktop586-latest-3.0.8-1.20100322.1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"vboxadditions-kernel-server-latest-3.0.8-1.20100322.1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"virtualbox-kernel-2.6.31.12-desktop-2mnb-3.0.8-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"virtualbox-kernel-2.6.31.12-desktop586-2mnb-3.0.8-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"virtualbox-kernel-2.6.31.12-server-2mnb-3.0.8-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"virtualbox-kernel-desktop-latest-3.0.8-1.20100322.1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"virtualbox-kernel-desktop586-latest-3.0.8-1.20100322.1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"virtualbox-kernel-server-latest-3.0.8-1.20100322.1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"vpnclient-kernel-2.6.31.12-desktop-2mnb-4.8.02.0030-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"vpnclient-kernel-2.6.31.12-desktop586-2mnb-4.8.02.0030-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"vpnclient-kernel-2.6.31.12-server-2mnb-4.8.02.0030-1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"vpnclient-kernel-desktop-latest-4.8.02.0030-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", 
reference:\"vpnclient-kernel-desktop586-latest-4.8.02.0030-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"vpnclient-kernel-server-latest-4.8.02.0030-1.20100322.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:42:23", "description": "The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2010-0291 advisory.\n\n - The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. 
(CVE-2010-0727)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : gfs-kmod (ELSA-2010-0291)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0727"], "modified": "2023-09-07T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kmod-gfs-pae", "p-cpe:/a:oracle:linux:kmod-gfs-xen", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kmod-gfs"], "id": "ORACLELINUX_ELSA-2010-0291.NASL", "href": "https://www.tenable.com/plugins/nessus/181112", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2010-0291.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(181112);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\"CVE-2010-0727\");\n\n script_name(english:\"Oracle Linux 5 : gfs-kmod (ELSA-2010-0291)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2010-0291 advisory.\n\n - The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in\n the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files\n that are setgid without group-execute permission, which allows local users to cause a denial of service\n (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this\n file's permissions. 
(CVE-2010-0727)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2010-0291.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kmod-gfs, kmod-gfs-PAE and / or kmod-gfs-xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-0727\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kmod-gfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kmod-gfs-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kmod-gfs-xen\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'kmod-gfs-0.1.34-12.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kmod-gfs-PAE-0.1.34-12.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kmod-gfs-xen-0.1.34-12.el5', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kmod-gfs-0.1.34-12.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kmod-gfs-xen-0.1.34-12.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = 
NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kmod-gfs / kmod-gfs-PAE / kmod-gfs-xen');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:42:19", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. 
The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-4537 Fabian Yamaguchi reported a missing check for Ethernet frames larger than the MTU in the r8169 driver. This may allow users on the local network to crash a system, resulting in a denial of service.\n\n - CVE-2010-0727 Sachin Prabhu reported an issue in the GFS2 filesystem.\n Local users can trigger a BUG() altering the permissions on a locked file, resulting in a denial of service.\n\n - CVE-2010-1083 Linus Torvalds reported an issue in the USB subsystem, which may allow local users to obtain portions of sensitive kernel memory.\n\n - CVE-2010-1084 Neil Brown reported an issue in the Bluetooth subsystem that may permit remote attackers to overwrite memory through the creation of large numbers of sockets, resulting in a denial of service.\n\n - CVE-2010-1086 Ang Way Chuang reported an issue in the DVB subsystem for Digital TV adapters. By creating a specially-encoded MPEG2-TS frame, a remote attacker could cause the receiver to enter an endless loop, resulting in a denial of service.\n\n - CVE-2010-1087 Trond Myklebust reported an issue in the NFS filesystem.\n A local user may cause an oops by sending a fatal signal during a file truncation operation, resulting in a denial of service.\n\n - CVE-2010-1088 Al Viro reported an issue where automount symlinks may not be followed when LOOKUP_FOLLOW is not set. 
This has an unknown security impact.\n\n - CVE-2010-1162 Catalin Marinas reported an issue in the tty subsystem that allows local attackers to cause a kernel memory leak, possibly resulting in a denial of service.\n\n - CVE-2010-1173 Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from Codenomicon Ltd reported an issue in the SCTP subsystem that allows a remote attacker to cause a denial of service using a malformed init package.\n\n - CVE-2010-1187 Neil Horman reported an issue in the TIPC subsystem.\n Local users can cause a denial of service by way of a NULL pointer dereference by sending datagrams through AF_TIPC before entering network mode.\n\n - CVE-2010-1437 Toshiyuki Okajima reported a race condition in the keyring subsystem. Local users can cause memory corruption via keyctl commands that access a keyring in the process of being deleted, resulting in a denial of service.\n\n - CVE-2010-1446 Wufei reported an issue with kgdb on the PowerPC architecture, allowing local users to write to kernel memory. Note: this issue does not affect binary kernels provided by Debian. The fix is provided for the benefit of users who build their own kernels from Debian source.\n\n - CVE-2010-1451 Brad Spengler reported an issue on the SPARC architecture that allows local users to execute non-executable pages.\n\nThis update also fixes a regression introduced by a previous update. 
See the referenced Debian bug page for details.", "cvss3": {}, "published": "2010-05-26T00:00:00", "type": "nessus", "title": "Debian DSA-2053-1 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4537", "CVE-2010-0727", "CVE-2010-1083", "CVE-2010-1084", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1162", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1437", "CVE-2010-1446", "CVE-2010-1451"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2053.NASL", "href": "https://www.tenable.com/plugins/nessus/46725", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2053. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46725);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-4537\", \"CVE-2010-0727\", \"CVE-2010-1083\", \"CVE-2010-1084\", \"CVE-2010-1086\", \"CVE-2010-1087\", \"CVE-2010-1088\", \"CVE-2010-1162\", \"CVE-2010-1173\", \"CVE-2010-1187\", \"CVE-2010-1437\", \"CVE-2010-1446\", \"CVE-2010-1451\");\n script_bugtraq_id(37521, 38393, 38479, 38898, 39042, 39044, 39101, 39120, 39480, 39569, 39719, 39794, 39798);\n script_xref(name:\"DSA\", value:\"2053\");\n\n script_name(english:\"Debian DSA-2053-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-4537\n Fabian Yamaguchi reported a missing check for Ethernet\n frames larger than the MTU in the r8169 driver. This may\n allow users on the local network to crash a system,\n resulting in a denial of service.\n\n - CVE-2010-0727\n Sachin Prabhu reported an issue in the GFS2 filesystem.\n Local users can trigger a BUG() altering the permissions\n on a locked file, resulting in a denial of service.\n\n - CVE-2010-1083\n Linus Torvalds reported an issue in the USB subsystem,\n which may allow local users to obtain portions of\n sensitive kernel memory.\n\n - CVE-2010-1084\n Neil Brown reported an issue in the Bluetooth subsystem\n that may permit remote attackers to overwrite memory\n through the creation of large numbers of sockets,\n resulting in a denial of service.\n\n - CVE-2010-1086\n Ang Way Chuang reported an issue in the DVB subsystem\n for Digital TV adapters. By creating a specially-encoded\n MPEG2-TS frame, a remote attacker could cause the\n receiver to enter an endless loop, resulting in a denial\n of service.\n\n - CVE-2010-1087\n Trond Myklebust reported an issue in the NFS filesystem.\n A local user may cause an oops by sending a fatal signal\n during a file truncation operation, resulting in a\n denial of service.\n\n - CVE-2010-1088\n Al Viro reported an issue where automount symlinks may\n not be followed when LOOKUP_FOLLOW is not set. 
This has\n an unknown security impact.\n\n - CVE-2010-1162\n Catalin Marinas reported an issue in the tty subsystem\n that allows local attackers to cause a kernel memory\n leak, possibly resulting in a denial of service.\n\n - CVE-2010-1173\n Chris Guo from Nokia China and Jukka Taimisto and Olli\n Jarva from Codenomicon Ltd reported an issue in the SCTP\n subsystem that allows a remote attacker to cause a\n denial of service using a malformed init package.\n\n - CVE-2010-1187\n Neil Hormon reported an issue in the TIPC subsystem.\n Local users can cause a denial of service by way of a\n NULL pointer dereference by sending datagrams through\n AF_TIPC before entering network mode.\n\n - CVE-2010-1437\n Toshiyuki Okajima reported a race condition in the\n keyring subsystem. Local users can cause memory\n corruption via keyctl commands that access a keyring in\n the process of being deleted, resulting in a denial of\n service.\n\n - CVE-2010-1446\n Wufei reported an issue with kgdb on the PowerPC\n architecture, allowing local users to write to kernel\n memory. Note: this issue does not affect binary kernels\n provided by Debian. The fix is provided for the benefit\n of users who build their own kernels from Debian source.\n\n - CVE-2010-1451\n Brad Spengler reported an issue on the SPARC\n architecture that allows local users to execute\n non-executable pages.\n\nThis update also includes fixes a regression introduced by a previous\nupdate. 
See the referenced Debian bug page for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2053\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the 
linux-2.6 and user-mode-linux packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-22lenny1.\n\nThe user-mode-linux source package was additional rebuilt for\ncompatibility to take advantage of this update. The updated version of\nthe package is 2.6.26-1um-2+22lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"linux-doc-2.6.26\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-486\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-4kc-malta\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-5kc-malta\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-686-bigmem\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-alpha\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-arm\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-armel\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-hppa\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-headers-2.6.26-2-all-i386\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-ia64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-mips\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-mipsel\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-powerpc\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-s390\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-sparc\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-generic\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-legacy\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-openvz\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-vserver\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-xen\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-footbridge\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-iop32x\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-headers-2.6.26-2-itanium\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-ixp4xx\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-mckinley\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-openvz-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-openvz-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-orion5x\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc64-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-r4k-ip22\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-r5k-cobalt\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-r5k-ip32\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-s390\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-headers-2.6.26-2-s390x\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sb1-bcm91250a\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sparc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sparc64-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-versatile\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-686-bigmem\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-itanium\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-mckinley\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-powerpc\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-powerpc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-s390x\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-sparc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-xen-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-xen-amd64\", 
reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-486\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-4kc-malta\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-5kc-malta\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-686-bigmem\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-alpha-generic\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-alpha-legacy\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-alpha-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-footbridge\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-iop32x\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-itanium\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-ixp4xx\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-mckinley\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-openvz-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-openvz-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-orion5x\", reference:\"2.6.26-22lenny1\")) flag++;\nif 
(deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc64-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-powerpc\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-powerpc-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-powerpc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-r4k-ip22\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-r5k-cobalt\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-r5k-ip32\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390-tape\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390x\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sb1-bcm91250a\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sb1a-bcm91480b\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sparc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sparc64-smp\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-image-2.6.26-2-versatile\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-686-bigmem\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-itanium\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-mckinley\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-powerpc\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-powerpc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-s390x\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-sparc64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-xen-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-xen-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-libc-dev\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-manual-2.6.26\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-modules-2.6.26-2-xen-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-modules-2.6.26-2-xen-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-patch-debian-2.6.26\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", 
prefix:\"linux-source-2.6.26\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-support-2.6.26-2\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-tree-2.6.26\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xen-linux-system-2.6.26-2-xen-686\", reference:\"2.6.26-22lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xen-linux-system-2.6.26-2-xen-amd64\", reference:\"2.6.26-22lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:16:19", "description": "Updated gfs-kmod packages that fix one security issue are now available for Red Hat Enterprise Linux 5.4 Extended Update Support, kernel release 2.6.18-164.19.1.el5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe gfs-kmod packages contain modules that provide the ability to mount and use GFS file systems.\n\nA flaw was found in the gfs_lock() implementation. The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727)\n\nThese updated gfs-kmod packages are in sync with the latest kernel (2.6.18-164.19.1.el5). The modules in earlier gfs-kmod packages failed to load because they did not match the running kernel. It was possible to force-load the modules. 
With this update, however, users no longer need to.\n\nUsers are advised to upgrade to these latest gfs-kmod packages, updated for use with the 2.6.18-164.19.1.el5 kernel, which contain a backported patch to correct this issue.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : gfs-kmod (RHSA-2010:0521)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0727"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kmod-gfs", "p-cpe:/a:redhat:enterprise_linux:kmod-gfs-pae", "p-cpe:/a:redhat:enterprise_linux:kmod-gfs-xen", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2010-0521.NASL", "href": "https://www.tenable.com/plugins/nessus/63938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0521. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63938);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0727\");\n script_bugtraq_id(39101);\n script_xref(name:\"RHSA\", value:\"2010:0521\");\n\n script_name(english:\"RHEL 5 : gfs-kmod (RHSA-2010:0521)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gfs-kmod packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.4 Extended Update Support,\nkernel release 2.6.18-164.19.1.el5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe gfs-kmod packages contain modules that provide the ability to\nmount and use GFS file systems.\n\nA flaw was found in the gfs_lock() implementation. The GFS locking\ncode could skip the lock operation for files that have the S_ISGID bit\n(set-group-ID on execution) in their mode set. A local, unprivileged\nuser on a system that has a GFS file system mounted could use this\nflaw to cause a kernel panic. (CVE-2010-0727)\n\nThese updated gfs-kmod packages are in sync with the latest kernel\n(2.6.18-164.19.1.el5). The modules in earlier gfs-kmod packages failed\nto load because they did not match the running kernel. It was possible\nto force-load the modules. With this update, however, users no longer\nneed to.\n\nUsers are advised to upgrade to these latest gfs-kmod packages,\nupdated for use with the 2.6.18-164.19.1.el5 kernel, which contain a\nbackported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0727.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0521.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kmod-gfs, kmod-gfs-PAE and / or kmod-gfs-xen\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-gfs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kmod-gfs-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-gfs-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kmod-gfs-0.1.34-2.el5_4.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kmod-gfs-0.1.34-2.el5_4.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kmod-gfs-PAE-0.1.34-2.el5_4.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kmod-gfs-xen-0.1.34-2.el5_4.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kmod-gfs-xen-0.1.34-2.el5_4.3\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:16:20", "description": "Updated kernel packages that fix one security issue and four bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issue :\n\n* Buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bugs :\n\n* A race condition existed when generating new process IDs with the result that the wrong process could have been signaled or killed accidentally, leading to various application faults. This update detects and disallows the reuse of PID numbers. (BZ#638865)\n\n* In a two node cluster, moving 100 files between two folders using the lock master was nearly instantaneous. However, not using the lock master resulted in considerably worse performance on both GFS1 (Global File System 1) and GFS2 (Global File System 2) file systems. With this update, not using the lock master does not lead to worsened performance on either of the aforementioned file systems. 
(BZ#639071)\n\n* The device naming changed after additional devices were added to the system and caused various problems. With this update, device naming remains constant after adding any additional devices. (BZ#646764)\n\n* On some bnx2-based devices, frames could drop unexpectedly. This was shown by the increasing 'rx_fw_discards' values in the 'ethtool\n--statistics' output. With this update, frames are no longer dropped and all bnx2-based devices work as expected. (BZ#649254)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2010:0907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-pae", "p-cpe:/a:redhat:enterprise_linux:kernel-pae-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2010-0907.NASL", "href": "https://www.tenable.com/plugins/nessus/63960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0907. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63960);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2521\");\n script_bugtraq_id(42249);\n script_xref(name:\"RHSA\", value:\"2010:0907\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0907)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix one security issue and four bugs are\nnow available for Red Hat Enterprise Linux 5.4 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issue :\n\n* Buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bugs :\n\n* A race condition existed when generating new process IDs with the\nresult that the wrong process could have been signaled or killed\naccidentally, leading to various application faults. This update\ndetects and disallows the reuse of PID numbers. 
(BZ#638865)\n\n* In a two node cluster, moving 100 files between two folders using\nthe lock master was nearly instantaneous. However, not using the lock\nmaster resulted in considerably worse performance on both GFS1 (Global\nFile System 1) and GFS2 (Global File System 2) file systems. With this\nupdate, not using the lock master does not lead to worsened\nperformance on either of the aforementioned file systems. (BZ#639071)\n\n* The device naming changed after additional devices were added to the\nsystem and caused various problems. With this update, device naming\nremains constant after adding any additional devices. (BZ#646764)\n\n* On some bnx2-based devices, frames could drop unexpectedly. This was\nshown by the increasing 'rx_fw_discards' values in the 'ethtool\n--statistics' output. With this update, frames are no longer dropped\nand all bnx2-based devices work as expected. (BZ#649254)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0907.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", 
cpu:\"s390x\", reference:\"kernel-debug-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", reference:\"kernel-doc-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-164.30.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"4\", 
cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-164.30.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:15:58", "description": "Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issue :\n\n* Buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bugs :\n\n* A race condition existed when generating new process IDs with the result that the wrong process could have been signaled or killed accidentally, leading to various application faults. This update detects and disallows the reuse of PID numbers. (BZ#638864)\n\n* When multiple JBD-based (Journaling Block Device) file systems were mounted concurrently, and no other JBD-based file systems were already mounted, a race could occur between JBD slab cache creation and deletion. (BZ#645653)\n\n* A missing memory barrier caused a race condition in the AIO subsystem between the read_events() and aio_complete() functions. 
This may have caused a thread in read_events() to sleep indefinitely, possibly causing an application hang. (BZ#638868)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2010:0893)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-pae", "p-cpe:/a:redhat:enterprise_linux:kernel-pae-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel"], "id": "REDHAT-RHSA-2010-0893.NASL", "href": "https://www.tenable.com/plugins/nessus/63958", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0893. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63958);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2521\");\n script_bugtraq_id(42249);\n script_xref(name:\"RHSA\", value:\"2010:0893\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0893)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix one security issue and three bugs are\nnow available for Red Hat Enterprise Linux 5.3 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issue :\n\n* Buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bugs :\n\n* A race condition existed when generating new process IDs with the\nresult that the wrong process could have been signaled or killed\naccidentally, leading to various application faults. This update\ndetects and disallows the reuse of PID numbers. 
(BZ#638864)\n\n* When multiple JBD-based (Journaling Block Device) file systems were\nmounted concurrently, and no other JBD-based file systems were already\nmounted, a race could occur between JBD slab cache creation and\ndeletion. (BZ#645653)\n\n* A missing memory barrier caused a race condition in the AIO\nsubsystem between the read_events() and aio_complete() functions. This\nmay have caused a thread in read_events() to sleep indefinitely,\npossibly causing an application hang. (BZ#638868)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0893.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-2.6.18-128.26.1.el5\")) flag++;\nif 
(rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", reference:\"kernel-doc-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", 
sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.26.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.26.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:41:41", "description": "Updated kernel packages that fix multiple security issues, several bugs, and add three enhancements are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium systems. ptrace_check_attach() was not called during certain ptrace() requests. Under certain circumstances, a local, unprivileged user could use this flaw to call ptrace() on a process they do not own, giving them control over that process. (CVE-2010-0729, Important)\n\n* a flaw was found in the kernel's Unidirectional Lightweight Encapsulation (ULE) implementation. 
A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in a denial of service. (CVE-2010-1086, Important)\n\n* a use-after-free flaw was found in tcp_rcv_state_process() in the kernel's TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic. (CVE-2010-1188, Important)\n\n* a divide-by-zero flaw was found in azx_position_ok() in the Intel High Definition Audio driver, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a denial of service.\n(CVE-2010-1085, Moderate)\n\n* an information leak flaw was found in the kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak. (CVE-2010-1083, Low)\n\nRed Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086.\n\nBug fixes :\n\n* a regression prevented the Broadcom BCM5761 network device from working when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot.\n(BZ#567205)\n\n* the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The physical address range was set incorrectly, however, causing 32-bit, para-virtualized Red Hat Enterprise Linux 4.8 guests to crash when launched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM.\n(BZ#574392)\n\n* RHSA-2009:1024 introduced a regression, causing diskdump to fail on systems with certain adapters using the qla2xxx driver. (BZ#577234)\n\n* a race condition caused TX to stop in a guest using the virtio_net driver. 
(BZ#580089)\n\n* on some systems, using the 'arp_validate=3' bonding option caused both links to show as 'down' even though the arp_target was responding to ARP requests sent by the bonding driver. (BZ#580842)\n\n* in some circumstances, when a Red Hat Enterprise Linux client connected to a re-booted Windows-based NFS server, server-side filehandle-to-inode mapping changes caused a kernel panic.\n'bad_inode_ops' handling was changed to prevent this. Note:\nfilehandle-to-inode mapping changes may still cause errors, but not panics. (BZ#582908)\n\n* when installing a Red Hat Enterprise Linux 4 guest via PXE, hard-coded fixed-size scatterlists could conflict with host requests, causing the guest's kernel to panic. With this update, dynamically allocated scatterlists are used, resolving this issue. (BZ#582911)\n\nEnhancements :\n\n* kernel support for connlimit. Note: iptables errata update RHBA-2010:0395 is also required for connlimit to work correctly.\n(BZ#563223)\n\n* support for the Intel architectural performance monitoring subsystem (arch_perfmon). On supported CPUs, arch_perfmon offers means to mark performance events and options for configuring and counting these events. (BZ#582913)\n\n* kernel support for OProfile sampling of Intel microarchitecture (Nehalem) CPUs. This update alone does not address OProfile support for such CPUs. A future oprofile package update will allow OProfile to work on Intel Nehalem CPUs. 
(BZ#582241)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-05-10T00:00:00", "type": "nessus", "title": "CentOS 4 : kernel (CESA-2010:0394)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0729", "CVE-2010-1083", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1188"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-devel", "p-cpe:/a:centos:centos:kernel-largesmp", "p-cpe:/a:centos:centos:kernel-largesmp-devel", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-devel", "p-cpe:/a:centos:centos:kernel-xenu", "p-cpe:/a:centos:centos:kernel-xenu-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc"], "id": "CENTOS_RHSA-2010-0394.NASL", "href": "https://www.tenable.com/plugins/nessus/46256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0394 and \n# CentOS Errata and Security Advisory 2010:0394 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46256);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0729\", \"CVE-2010-1083\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1188\");\n script_bugtraq_id(38348, 38479, 38702, 39016, 39042);\n script_xref(name:\"RHSA\", value:\"2010:0394\");\n\n script_name(english:\"CentOS 4 : kernel (CESA-2010:0394)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, several\nbugs, and add three enhancements are now available for Red Hat\nEnterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* RHSA-2009:1024 introduced a flaw in the ptrace implementation on\nItanium systems. ptrace_check_attach() was not called during certain\nptrace() requests. Under certain circumstances, a local, unprivileged\nuser could use this flaw to call ptrace() on a process they do not\nown, giving them control over that process. (CVE-2010-0729, Important)\n\n* a flaw was found in the kernel's Unidirectional Lightweight\nEncapsulation (ULE) implementation. A remote attacker could send a\nspecially crafted ISO MPEG-2 Transport Stream (TS) frame to a target\nsystem, resulting in a denial of service. (CVE-2010-1086, Important)\n\n* a use-after-free flaw was found in tcp_rcv_state_process() in the\nkernel's TCP/IP protocol suite implementation. If a system using IPv6\nhad the IPV6_RECVPKTINFO option set on a listening socket, a remote\nattacker could send an IPv6 packet to that system, causing a kernel\npanic. (CVE-2010-1188, Important)\n\n* a divide-by-zero flaw was found in azx_position_ok() in the Intel\nHigh Definition Audio driver, snd-hda-intel. A local, unprivileged\nuser could trigger this flaw to cause a denial of service.\n(CVE-2010-1085, Moderate)\n\n* an information leak flaw was found in the kernel's USB\nimplementation. 
Certain USB errors could result in an uninitialized\nkernel buffer being sent to user-space. An attacker with physical\naccess to a target system could use this flaw to cause an information\nleak. (CVE-2010-1083, Low)\n\nRed Hat would like to thank Ang Way Chuang for reporting\nCVE-2010-1086.\n\nBug fixes :\n\n* a regression prevented the Broadcom BCM5761 network device from\nworking when in the first (top) PCI-E slot of Hewlett-Packard (HP)\nZ600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot.\n(BZ#567205)\n\n* the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The\nphysical address range was set incorrectly, however, causing 32-bit,\npara-virtualized Red Hat Enterprise Linux 4.8 guests to crash when\nlaunched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM.\n(BZ#574392)\n\n* RHSA-2009:1024 introduced a regression, causing diskdump to fail on\nsystems with certain adapters using the qla2xxx driver. (BZ#577234)\n\n* a race condition caused TX to stop in a guest using the virtio_net\ndriver. (BZ#580089)\n\n* on some systems, using the 'arp_validate=3' bonding option caused\nboth links to show as 'down' even though the arp_target was responding\nto ARP requests sent by the bonding driver. (BZ#580842)\n\n* in some circumstances, when a Red Hat Enterprise Linux client\nconnected to a re-booted Windows-based NFS server, server-side\nfilehandle-to-inode mapping changes caused a kernel panic.\n'bad_inode_ops' handling was changed to prevent this. Note:\nfilehandle-to-inode mapping changes may still cause errors, but not\npanics. (BZ#582908)\n\n* when installing a Red Hat Enterprise Linux 4 guest via PXE,\nhard-coded fixed-size scatterlists could conflict with host requests,\ncausing the guest's kernel to panic. With this update, dynamically\nallocated scatterlists are used, resolving this issue. (BZ#582911)\n\nEnhancements :\n\n* kernel support for connlimit. 
Note: iptables errata update\nRHBA-2010:0395 is also required for connlimit to work correctly.\n(BZ#563223)\n\n* support for the Intel architectural performance monitoring subsystem\n(arch_perfmon). On supported CPUs, arch_perfmon offers means to mark\nperformance events and options for configuring and counting these\nevents. (BZ#582913)\n\n* kernel support for OProfile sampling of Intel microarchitecture\n(Nehalem) CPUs. This update alone does not address OProfile support\nfor such CPUs. A future oprofile package update will allow OProfile to\nwork on Intel Nehalem CPUs. (BZ#582241)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-May/016631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bd51e5a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-May/016632.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56f1b02f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", 
reference:\"kernel-xenU-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.25.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:15:15", "description": "Updated gfs-kmod packages that fix one security issue, numerous bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.5, kernel release 2.6.18-194.el5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe gfs-kmod packages contain modules that provide the ability to mount and use GFS file systems.\n\nA flaw was found in the gfs_lock() implementation. The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727)\n\nThese updated gfs-kmod packages are in sync with the latest kernel (2.6.18-194.el5). The modules in earlier gfs-kmod packages failed to load because they did not match the running kernel. It was possible to force-load the modules. 
With this update, however, users no longer need to.\n\nThese updated gfs-kmod packages also fix the following bugs :\n\n* when SELinux was in permissive mode, a race condition during file creation could have caused one or more cluster nodes to be fenced and lock the remaining nodes out of the GFS file system. This race condition no longer occurs with this update. (BZ#471258)\n\n* when ACLs (Access Control Lists) are enabled on a GFS file system, if a transaction that has started to do a write request does not have enough spare blocks for the operation it causes a kernel panic. This update ensures that there are enough blocks for the write request before starting the operation. (BZ#513885)\n\n* requesting a 'flock' on a file in GFS in either read-only or read-write mode would sometimes cause a 'Resource temporarily unavailable' state error (error 11 for EWOULDBLOCK) to occur. In these cases, a flock could not be obtained on the file in question. This has been fixed with this update so that flocks can successfully be obtained on GFS files without this error occurring. (BZ#515717)\n\n* the GFS withdraw function is a data integrity feature of GFS file systems in a cluster. If the GFS kernel module detects an inconsistency in a GFS file system following an I/O operation, the file system becomes unavailable to the cluster. The GFS withdraw function is less severe than a kernel panic, which would cause another node to fence the node. With this update, you can override the GFS withdraw function by mounting the file system with the '-o errors=panic' option specified. When this option is specified, any errors that would normally cause the system to withdraw cause the system to panic instead. This stops the node's cluster communications, which causes the node to be fenced. 
(BZ#517145)\n\nFinally, these updated gfs-kmod packages provide the following enhancement :\n\n* the GFS kernel modules have been updated to use the new generic freeze and unfreeze ioctl interface that is also supported by the following file systems: ext3, ext4, GFS2, JFS and ReiserFS. With this update, GFS supports freeze/unfreeze through the VFS-level FIFREEZE/FITHAW ioctl interface. (BZ#487610)\n\nUsers are advised to upgrade to these latest gfs-kmod packages, updated for use with the 2.6.18-194.el5 kernel, which contain backported patches to correct these issues, fix these bugs, and add this enhancement.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : gfs-kmod (RHSA-2010:0291)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0727"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kmod-gfs", "p-cpe:/a:redhat:enterprise_linux:kmod-gfs-pae", "p-cpe:/a:redhat:enterprise_linux:kmod-gfs-xen", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0291.NASL", "href": "https://www.tenable.com/plugins/nessus/63925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0291. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63925);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0727\");\n script_xref(name:\"RHSA\", value:\"2010:0291\");\n\n script_name(english:\"RHEL 5 : gfs-kmod (RHSA-2010:0291)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gfs-kmod packages that fix one security issue, numerous bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux\n5.5, kernel release 2.6.18-194.el5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe gfs-kmod packages contain modules that provide the ability to\nmount and use GFS file systems.\n\nA flaw was found in the gfs_lock() implementation. The GFS locking\ncode could skip the lock operation for files that have the S_ISGID bit\n(set-group-ID on execution) in their mode set. A local, unprivileged\nuser on a system that has a GFS file system mounted could use this\nflaw to cause a kernel panic. (CVE-2010-0727)\n\nThese updated gfs-kmod packages are in sync with the latest kernel\n(2.6.18-194.el5). The modules in earlier gfs-kmod packages failed to\nload because they did not match the running kernel. It was possible to\nforce-load the modules. 
With this update, however, users no longer\nneed to.\n\nThese updated gfs-kmod packages also fix the following bugs :\n\n* when SELinux was in permissive mode, a race condition during file\ncreation could have caused one or more cluster nodes to be fenced and\nlock the remaining nodes out of the GFS file system. This race\ncondition no longer occurs with this update. (BZ#471258)\n\n* when ACLs (Access Control Lists) are enabled on a GFS file system,\nif a transaction that has started to do a write request does not have\nenough spare blocks for the operation it causes a kernel panic. This\nupdate ensures that there are enough blocks for the write request\nbefore starting the operation. (BZ#513885)\n\n* requesting a 'flock' on a file in GFS in either read-only or\nread-write mode would sometimes cause a 'Resource temporarily\nunavailable' state error (error 11 for EWOULDBLOCK) to occur. In these\ncases, a flock could not be obtained on the file in question. This has\nbeen fixed with this update so that flocks can successfully be\nobtained on GFS files without this error occurring. (BZ#515717)\n\n* the GFS withdraw function is a data integrity feature of GFS file\nsystems in a cluster. If the GFS kernel module detects an\ninconsistency in a GFS file system following an I/O operation, the\nfile system becomes unavailable to the cluster. The GFS withdraw\nfunction is less severe than a kernel panic, which would cause another\nnode to fence the node. With this update, you can override the GFS\nwithdraw function by mounting the file system with the '-o\nerrors=panic' option specified. When this option is specified, any\nerrors that would normally cause the system to withdraw cause the\nsystem to panic instead. This stops the node's cluster communications,\nwhich causes the node to be fenced. 
(BZ#517145)\n\nFinally, these updated gfs-kmod packages provide the following\nenhancement :\n\n* the GFS kernel modules have been updated to use the new generic\nfreeze and unfreeze ioctl interface that is also supported by the\nfollowing file systems: ext3, ext4, GFS2, JFS and ReiserFS. With this\nupdate, GFS supports freeze/unfreeze through the VFS-level\nFIFREEZE/FITHAW ioctl interface. (BZ#487610)\n\nUsers are advised to upgrade to these latest gfs-kmod packages,\nupdated for use with the 2.6.18-194.el5 kernel, which contain\nbackported patches to correct these issues, fix these bugs, and add\nthis enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0727.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0291.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kmod-gfs, kmod-gfs-PAE and / or kmod-gfs-xen\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-gfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-gfs-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-gfs-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kmod-gfs-0.1.34-12.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-gfs-0.1.34-12.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kmod-gfs-PAE-0.1.34-12.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kmod-gfs-xen-0.1.34-12.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-gfs-xen-0.1.34-12.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:19:31", "description": "A flaw was found in the gfs_lock() implementation. The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727)\n\nAs well, these updated GFS packages are in sync with the latest kernel (2.4.21-63.EL). 
The modules in earlier GFS packages fail to load because they do not match the running kernel. It is possible to force-load the modules; however, with this update, force-loading the modules is not required. (BZ#525198)\n\nUsers are advised to upgrade to these latest GFS packages, which resolve this issue and are updated for use with the 2.4.21-63.EL kernel.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : GFS on SL3.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0727"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100330_GFS_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60760", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60760);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0727\");\n\n script_name(english:\"Scientific Linux Security Update : GFS on SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the gfs_lock() implementation. The GFS locking\ncode could skip the lock operation for files that have the S_ISGID bit\n(set-group-ID on execution) in their mode set. A local, unprivileged\nuser on a system that has a GFS file system mounted could use this\nflaw to cause a kernel panic. (CVE-2010-0727)\n\nAs well, these updated GFS packages are in sync with the latest kernel\n(2.4.21-63.EL). 
The modules in earlier GFS packages fail to load\nbecause they do not match the running kernel. It is possible to\nforce-load the modules; however, with this update, force-loading the\nmodules is not required. (BZ#525198)\n\nUsers are advised to upgrade to these latest GFS packages, which\nresolve this issue and are updated for use with the 2.4.21-63.EL\nkernel.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=525198\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1003&L=scientific-linux-errata&T=0&P=3822\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab620ba2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"GFS-6.0.2.36-13\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"GFS-devel-6.0.2.36-13\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"GFS-modules-6.0.2.36-13\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"GFS-modules-hugemem-6.0.2.36-13\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"GFS-modules-smp-6.0.2.36-13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:40:39", "description": "Updated kernel packages that fix multiple security issues, several bugs, and add three enhancements are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium systems. ptrace_check_attach() was not called during certain ptrace() requests. Under certain circumstances, a local, unprivileged user could use this flaw to call ptrace() on a process they do not own, giving them control over that process. (CVE-2010-0729, Important)\n\n* a flaw was found in the kernel's Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in a denial of service. (CVE-2010-1086, Important)\n\n* a use-after-free flaw was found in tcp_rcv_state_process() in the kernel's TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic. (CVE-2010-1188, Important)\n\n* a divide-by-zero flaw was found in azx_position_ok() in the Intel High Definition Audio driver, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a denial of service.\n(CVE-2010-1085, Moderate)\n\n* an information leak flaw was found in the kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak. (CVE-2010-1083, Low)\n\nRed Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086.\n\nBug fixes :\n\n* a regression prevented the Broadcom BCM5761 network device from working when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems. 
Note: The card worked in the 2nd or 3rd PCI-E slot. (BZ#567205)\n\n* the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The physical address range was set incorrectly, however, causing 32-bit, para-virtualized Red Hat Enterprise Linux 4.8 guests to crash when launched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM. (BZ#574392)\n\n* RHSA-2009:1024 introduced a regression, causing diskdump to fail on systems with certain adapters using the qla2xxx driver. (BZ#577234)\n\n* a race condition caused TX to stop in a guest using the virtio_net driver. (BZ#580089)\n\n* on some systems, using the 'arp_validate=3' bonding option caused both links to show as 'down' even though the arp_target was responding to ARP requests sent by the bonding driver. (BZ#580842)\n\n* in some circumstances, when a Red Hat Enterprise Linux client connected to a re-booted Windows-based NFS server, server-side filehandle-to-inode mapping changes caused a kernel panic. 'bad_inode_ops' handling was changed to prevent this. Note: filehandle-to-inode mapping changes may still cause errors, but not panics. (BZ#582908)\n\n* when installing a Red Hat Enterprise Linux 4 guest via PXE, hard-coded fixed-size scatterlists could conflict with host requests, causing the guest's kernel to panic. With this update, dynamically allocated scatterlists are used, resolving this issue. (BZ#582911)\n\nEnhancements :\n\n* kernel support for connlimit. Note: iptables errata update RHBA-2010:0395 is also required for connlimit to work correctly. (BZ#563223)\n\n* support for the Intel architectural performance monitoring subsystem (arch_perfmon). On supported CPUs, arch_perfmon offers means to mark performance events and options for configuring and counting these events. (BZ#582913)\n\n* kernel support for OProfile sampling of Intel microarchitecture (Nehalem) CPUs. This update alone does not address OProfile support for such CPUs. 
A future oprofile package update will allow OProfile to work on Intel Nehalem CPUs. (BZ#582241)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-05-11T00:00:00", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2010:0394)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0729", "CVE-2010-1083", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1188"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2010-0394.NASL", "href": "https://www.tenable.com/plugins/nessus/46306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0394. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46306);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0729\", \"CVE-2010-1083\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1188\");\n script_bugtraq_id(38348, 38479, 38702, 39016, 39042);\n script_xref(name:\"RHSA\", value:\"2010:0394\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2010:0394)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, several\nbugs, and add three enhancements are now available for Red Hat\nEnterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* RHSA-2009:1024 introduced a flaw in the ptrace implementation on\nItanium systems. ptrace_check_attach() was not called during certain\nptrace() requests. Under certain circumstances, a local, unprivileged\nuser could use this flaw to call ptrace() on a process they do not\nown, giving them control over that process. (CVE-2010-0729, Important)\n\n* a flaw was found in the kernel's Unidirectional Lightweight\nEncapsulation (ULE) implementation. A remote attacker could send a\nspecially crafted ISO MPEG-2 Transport Stream (TS) frame to a target\nsystem, resulting in a denial of service. 
(CVE-2010-1086, Important)\n\n* a use-after-free flaw was found in tcp_rcv_state_process() in the\nkernel's TCP/IP protocol suite implementation. If a system using IPv6\nhad the IPV6_RECVPKTINFO option set on a listening socket, a remote\nattacker could send an IPv6 packet to that system, causing a kernel\npanic. (CVE-2010-1188, Important)\n\n* a divide-by-zero flaw was found in azx_position_ok() in the Intel\nHigh Definition Audio driver, snd-hda-intel. A local, unprivileged\nuser could trigger this flaw to cause a denial of service.\n(CVE-2010-1085, Moderate)\n\n* an information leak flaw was found in the kernel's USB\nimplementation. Certain USB errors could result in an uninitialized\nkernel buffer being sent to user-space. An attacker with physical\naccess to a target system could use this flaw to cause an information\nleak. (CVE-2010-1083, Low)\n\nRed Hat would like to thank Ang Way Chuang for reporting\nCVE-2010-1086.\n\nBug fixes :\n\n* a regression prevented the Broadcom BCM5761 network device from\nworking when in the first (top) PCI-E slot of Hewlett-Packard (HP)\nZ600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot.\n(BZ#567205)\n\n* the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The\nphysical address range was set incorrectly, however, causing 32-bit,\npara-virtualized Red Hat Enterprise Linux 4.8 guests to crash when\nlaunched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM.\n(BZ#574392)\n\n* RHSA-2009:1024 introduced a regression, causing diskdump to fail on\nsystems with certain adapters using the qla2xxx driver. (BZ#577234)\n\n* a race condition caused TX to stop in a guest using the virtio_net\ndriver. (BZ#580089)\n\n* on some systems, using the 'arp_validate=3' bonding option caused\nboth links to show as 'down' even though the arp_target was responding\nto ARP requests sent by the bonding driver. 
(BZ#580842)\n\n* in some circumstances, when a Red Hat Enterprise Linux client\nconnected to a re-booted Windows-based NFS server, server-side\nfilehandle-to-inode mapping changes caused a kernel panic.\n'bad_inode_ops' handling was changed to prevent this. Note:\nfilehandle-to-inode mapping changes may still cause errors, but not\npanics. (BZ#582908)\n\n* when installing a Red Hat Enterprise Linux 4 guest via PXE,\nhard-coded fixed-size scatterlists could conflict with host requests,\ncausing the guest's kernel to panic. With this update, dynamically\nallocated scatterlists are used, resolving this issue. (BZ#582911)\n\nEnhancements :\n\n* kernel support for connlimit. Note: iptables errata update\nRHBA-2010:0395 is also required for connlimit to work correctly.\n(BZ#563223)\n\n* support for the Intel architectural performance monitoring subsystem\n(arch_perfmon). On supported CPUs, arch_perfmon offers means to mark\nperformance events and options for configuring and counting these\nevents. (BZ#582913)\n\n* kernel support for OProfile sampling of Intel microarchitecture\n(Nehalem) CPUs. This update alone does not address OProfile support\nfor such CPUs. A future oprofile package update will allow OProfile to\nwork on Intel Nehalem CPUs. 
(BZ#582241)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0394\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-0729\", \"CVE-2010-1083\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1188\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2010:0394\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0394\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n 
exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-89.0.25.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.25.EL\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:20:03", "description": "Security fixes :\n\n - Kernel update 2.6.9-89.EL introduced a flaw in the ptrace implementation on Itanium systems.\n ptrace_check_attach() was not called during certain ptrace() requests. Under certain circumstances, a local, unprivileged user could use this flaw to call ptrace() on a process they do not own, giving them control over that process. (CVE-2010-0729, Important)\n\n - a flaw was found in the kernel's Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in a denial of service. (CVE-2010-1086, Important)\n\n - a use-after-free flaw was found in tcp_rcv_state_process() in the kernel's TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic. (CVE-2010-1188, Important)\n\n - a divide-by-zero flaw was found in azx_position_ok() in the Intel High Definition Audio driver, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate)\n\n - an information leak flaw was found in the kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak.\n (CVE-2010-1083, Low)\n\nBug fixes :\n\n - a regression prevented the Broadcom BCM5761 network device from working when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot. (BZ#567205)\n\n - the Xen hypervisor supports 168 GB of RAM for 32-bit guests. 
The physical address range was set incorrectly, however, causing 32-bit, para-virtualized Scientific Linux 4.8 guests to crash when launched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM.\n (BZ#574392)\n\n - Kernel update 2.6.9-89.EL introduced a regression, causing diskdump to fail on systems with certain adapters using the qla2xxx driver. (BZ#577234)\n\n - a race condition caused TX to stop in a guest using the virtio_net driver. (BZ#580089)\n\n - on some systems, using the 'arp_validate=3' bonding option caused both links to show as 'down' even though the arp_target was responding to ARP requests sent by the bonding driver. (BZ#580842)\n\n - in some circumstances, when a Scientific Linux client connected to a re-booted Windows-based NFS server, server-side filehandle-to-inode mapping changes caused a kernel panic. 'bad_inode_ops' handling was changed to prevent this. Note: filehandle-to-inode mapping changes may still cause errors, but not panics. (BZ#582908)\n\n - when installing a Scientific Linux 4 guest via PXE, hard-coded fixed-size scatterlists could conflict with host requests, causing the guest's kernel to panic. With this update, dynamically allocated scatterlists are used, resolving this issue. (BZ#582911)\n\nEnhancements :\n\n - kernel support for connlimit. Note: iptables errata update RHBA-2010:0395 is also required for connlimit to work correctly. (BZ#563223)\n\n - support for the Intel architectural performance monitoring subsystem (arch_perfmon). On supported CPUs, arch_perfmon offers means to mark performance events and options for configuring and counting these events.\n (BZ#582913)\n\n - kernel support for OProfile sampling of Intel microarchitecture (Nehalem) CPUs. This update alone does not address OProfile support for such CPUs. A future oprofile package update will allow OProfile to work on Intel Nehalem CPUs. 
(BZ#582241)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0729", "CVE-2010-1083", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1188"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100505_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60787", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60787);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0729\", \"CVE-2010-1083\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1188\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes :\n\n - Kernel update 2.6.9-89.EL introduced a flaw in the\n ptrace implementation on Itanium systems.\n ptrace_check_attach() was not called during certain\n ptrace() requests. Under certain circumstances, a local,\n unprivileged user could use this flaw to call ptrace()\n on a process they do not own, giving them control over\n that process. (CVE-2010-0729, Important)\n\n - a flaw was found in the kernel's Unidirectional\n Lightweight Encapsulation (ULE) implementation. 
A remote\n attacker could send a specially crafted ISO MPEG-2\n Transport Stream (TS) frame to a target system,\n resulting in a denial of service. (CVE-2010-1086,\n Important)\n\n - a use-after-free flaw was found in\n tcp_rcv_state_process() in the kernel's TCP/IP protocol\n suite implementation. If a system using IPv6 had the\n IPV6_RECVPKTINFO option set on a listening socket, a\n remote attacker could send an IPv6 packet to that\n system, causing a kernel panic. (CVE-2010-1188,\n Important)\n\n - a divide-by-zero flaw was found in azx_position_ok() in\n the Intel High Definition Audio driver, snd-hda-intel. A\n local, unprivileged user could trigger this flaw to\n cause a denial of service. (CVE-2010-1085, Moderate)\n\n - an information leak flaw was found in the kernel's USB\n implementation. Certain USB errors could result in an\n uninitialized kernel buffer being sent to user-space. An\n attacker with physical access to a target system could\n use this flaw to cause an information leak.\n (CVE-2010-1083, Low)\n\nBug fixes :\n\n - a regression prevented the Broadcom BCM5761 network\n device from working when in the first (top) PCI-E slot\n of Hewlett-Packard (HP) Z600 systems. Note: The card\n worked in the 2nd or 3rd PCI-E slot. (BZ#567205)\n\n - the Xen hypervisor supports 168 GB of RAM for 32-bit\n guests. The physical address range was set incorrectly,\n however, causing 32-bit, para-virtualized Scientific\n Linux 4.8 guests to crash when launched on AMD64 or\n Intel 64 hosts that have more than 64 GB of RAM.\n (BZ#574392)\n\n - Kernel update 2.6.9-89.EL introduced a regression,\n causing diskdump to fail on systems with certain\n adapters using the qla2xxx driver. (BZ#577234)\n\n - a race condition caused TX to stop in a guest using the\n virtio_net driver. 
(BZ#580089)\n\n - on some systems, using the 'arp_validate=3' bonding\n option caused both links to show as 'down' even though\n the arp_target was responding to ARP requests sent by\n the bonding driver. (BZ#580842)\n\n - in some circumstances, when a Scientific Linux client\n connected to a re-booted Windows-based NFS server,\n server-side filehandle-to-inode mapping changes caused a\n kernel panic. 'bad_inode_ops' handling was changed to\n prevent this. Note: filehandle-to-inode mapping changes\n may still cause errors, but not panics. (BZ#582908)\n\n - when installing a Scientific Linux 4 guest via PXE,\n hard-coded fixed-size scatterlists could conflict with\n host requests, causing the guest's kernel to panic. With\n this update, dynamically allocated scatterlists are\n used, resolving this issue. (BZ#582911)\n\nEnhancements :\n\n - kernel support for connlimit. Note: iptables errata\n update RHBA-2010:0395 is also required for connlimit to\n work correctly. (BZ#563223)\n\n - support for the Intel architectural performance\n monitoring subsystem (arch_perfmon). On supported CPUs,\n arch_perfmon offers means to mark performance events and\n options for configuring and counting these events.\n (BZ#582913)\n\n - kernel support for OProfile sampling of Intel\n microarchitecture (Nehalem) CPUs. This update alone does\n not address OProfile support for such CPUs. A future\n oprofile package update will allow OProfile to work on\n Intel Nehalem CPUs. 
(BZ#582241)\n\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=563223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=567205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=574392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=577234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=580089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=580842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=582241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=582908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=582911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=582913\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1005&L=scientific-linux-errata&T=0&P=588\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e599594d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/05\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-89.0.25.EL\")) 
flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-89.0.25.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-89.0.25.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:23:39", "description": "From Red Hat Security Advisory 2010:0394 :\n\nUpdated kernel packages that fix multiple security issues, several bugs, and add three enhancements are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium systems. ptrace_check_attach() was not called during certain ptrace() requests. Under certain circumstances, a local, unprivileged user could use this flaw to call ptrace() on a process they do not own, giving them control over that process. (CVE-2010-0729, Important)\n\n* a flaw was found in the kernel's Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in a denial of service. (CVE-2010-1086, Important)\n\n* a use-after-free flaw was found in tcp_rcv_state_process() in the kernel's TCP/IP protocol suite implementation. 
If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic. (CVE-2010-1188, Important)\n\n* a divide-by-zero flaw was found in azx_position_ok() in the Intel High Definition Audio driver, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a denial of service.\n(CVE-2010-1085, Moderate)\n\n* an information leak flaw was found in the kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak. (CVE-2010-1083, Low)\n\nRed Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086.\n\nBug fixes :\n\n* a regression prevented the Broadcom BCM5761 network device from working when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot.\n(BZ#567205)\n\n* the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The physical address range was set incorrectly, however, causing 32-bit, para-virtualized Red Hat Enterprise Linux 4.8 guests to crash when launched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM.\n(BZ#574392)\n\n* RHSA-2009:1024 introduced a regression, causing diskdump to fail on systems with certain adapters using the qla2xxx driver. (BZ#577234)\n\n* a race condition caused TX to stop in a guest using the virtio_net driver. (BZ#580089)\n\n* on some systems, using the 'arp_validate=3' bonding option caused both links to show as 'down' even though the arp_target was responding to ARP requests sent by the bonding driver. (BZ#580842)\n\n* in some circumstances, when a Red Hat Enterprise Linux client connected to a re-booted Windows-based NFS server, server-side filehandle-to-inode mapping changes caused a kernel panic.\n'bad_inode_ops' handling was changed to prevent this. 
Note:\nfilehandle-to-inode mapping changes may still cause errors, but not panics. (BZ#582908)\n\n* when installing a Red Hat Enterprise Linux 4 guest via PXE, hard-coded fixed-size scatterlists could conflict with host requests, causing the guest's kernel to panic. With this update, dynamically allocated scatterlists are used, resolving this issue. (BZ#582911)\n\nEnhancements :\n\n* kernel support for connlimit. Note: iptables errata update RHBA-2010:0395 is also required for connlimit to work correctly.\n(BZ#563223)\n\n* support for the Intel architectural performance monitoring subsystem (arch_perfmon). On supported CPUs, arch_perfmon offers means to mark performance events and options for configuring and counting these events. (BZ#582913)\n\n* kernel support for OProfile sampling of Intel microarchitecture (Nehalem) CPUs. This update alone does not address OProfile support for such CPUs. A future oprofile package update will allow OProfile to work on Intel Nehalem CPUs. (BZ#582241)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : kernel (ELSA-2010-0394)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0729", "CVE-2010-1083", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1188"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-devel", "p-cpe:/a:oracle:linux:kernel-largesmp", "p-cpe:/a:oracle:linux:kernel-largesmp-devel", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-devel", "p-cpe:/a:oracle:linux:kernel-xenu", "p-cpe:/a:oracle:linux:kernel-xenu-devel", "cpe:/o:oracle:linux:4"], "id": 
"ORACLELINUX_ELSA-2010-0394.NASL", "href": "https://www.tenable.com/plugins/nessus/68036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0394 and \n# Oracle Linux Security Advisory ELSA-2010-0394 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68036);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2010-0729\", \"CVE-2010-1083\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1188\");\n script_bugtraq_id(38348, 38479, 38702, 39016, 39042);\n script_xref(name:\"RHSA\", value:\"2010:0394\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2010-0394)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0394 :\n\nUpdated kernel packages that fix multiple security issues, several\nbugs, and add three enhancements are now available for Red Hat\nEnterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* RHSA-2009:1024 introduced a flaw in the ptrace implementation on\nItanium systems. ptrace_check_attach() was not called during certain\nptrace() requests. 
Under certain circumstances, a local, unprivileged\nuser could use this flaw to call ptrace() on a process they do not\nown, giving them control over that process. (CVE-2010-0729, Important)\n\n* a flaw was found in the kernel's Unidirectional Lightweight\nEncapsulation (ULE) implementation. A remote attacker could send a\nspecially crafted ISO MPEG-2 Transport Stream (TS) frame to a target\nsystem, resulting in a denial of service. (CVE-2010-1086, Important)\n\n* a use-after-free flaw was found in tcp_rcv_state_process() in the\nkernel's TCP/IP protocol suite implementation. If a system using IPv6\nhad the IPV6_RECVPKTINFO option set on a listening socket, a remote\nattacker could send an IPv6 packet to that system, causing a kernel\npanic. (CVE-2010-1188, Important)\n\n* a divide-by-zero flaw was found in azx_position_ok() in the Intel\nHigh Definition Audio driver, snd-hda-intel. A local, unprivileged\nuser could trigger this flaw to cause a denial of service.\n(CVE-2010-1085, Moderate)\n\n* an information leak flaw was found in the kernel's USB\nimplementation. Certain USB errors could result in an uninitialized\nkernel buffer being sent to user-space. An attacker with physical\naccess to a target system could use this flaw to cause an information\nleak. (CVE-2010-1083, Low)\n\nRed Hat would like to thank Ang Way Chuang for reporting\nCVE-2010-1086.\n\nBug fixes :\n\n* a regression prevented the Broadcom BCM5761 network device from\nworking when in the first (top) PCI-E slot of Hewlett-Packard (HP)\nZ600 systems. Note: The card worked in the 2nd or 3rd PCI-E slot.\n(BZ#567205)\n\n* the Xen hypervisor supports 168 GB of RAM for 32-bit guests. 
The\nphysical address range was set incorrectly, however, causing 32-bit,\npara-virtualized Red Hat Enterprise Linux 4.8 guests to crash when\nlaunched on AMD64 or Intel 64 hosts that have more than 64 GB of RAM.\n(BZ#574392)\n\n* RHSA-2009:1024 introduced a regression, causing diskdump to fail on\nsystems with certain adapters using the qla2xxx driver. (BZ#577234)\n\n* a race condition caused TX to stop in a guest using the virtio_net\ndriver. (BZ#580089)\n\n* on some systems, using the 'arp_validate=3' bonding option caused\nboth links to show as 'down' even though the arp_target was responding\nto ARP requests sent by the bonding driver. (BZ#580842)\n\n* in some circumstances, when a Red Hat Enterprise Linux client\nconnected to a re-booted Windows-based NFS server, server-side\nfilehandle-to-inode mapping changes caused a kernel panic.\n'bad_inode_ops' handling was changed to prevent this. Note:\nfilehandle-to-inode mapping changes may still cause errors, but not\npanics. (BZ#582908)\n\n* when installing a Red Hat Enterprise Linux 4 guest via PXE,\nhard-coded fixed-size scatterlists could conflict with host requests,\ncausing the guest's kernel to panic. With this update, dynamically\nallocated scatterlists are used, resolving this issue. (BZ#582911)\n\nEnhancements :\n\n* kernel support for connlimit. Note: iptables errata update\nRHBA-2010:0395 is also required for connlimit to work correctly.\n(BZ#563223)\n\n* support for the Intel architectural performance monitoring subsystem\n(arch_perfmon). On supported CPUs, arch_perfmon offers means to mark\nperformance events and options for configuring and counting these\nevents. (BZ#582913)\n\n* kernel support for OProfile sampling of Intel microarchitecture\n(Nehalem) CPUs. This update alone does not address OProfile support\nfor such CPUs. A future oprofile package update will allow OProfile to\nwork on Intel Nehalem CPUs. 
(BZ#582241)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements.\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-May/001452.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/16\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2010-0729\", \"CVE-2010-1083\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1188\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2010-0394\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-devel-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-doc-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", 
rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-89.0.25.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.25.0.1.EL\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:43:24", "description": "This SUSE Linux Enterprise 10 SP3 kernel update (for x86_64 only) fixes a severe regression introduced by the previous bugfix that would make some machines not boot due to iommu / AGP memory issues.\n\nThe update also fixes several other bugs and the following security issue :\n\n - drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters;\n or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. 
(CVE-2009-4537)", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : kernel-debug (ZYPP Patch Number 6986)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4537"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-6986.NASL", "href": "https://www.tenable.com/plugins/nessus/59147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59147);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4537\");\n\n script_name(english:\"SuSE 10 Security Update : kernel-debug (ZYPP Patch Number 6986)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This SUSE Linux Enterprise 10 SP3 kernel update (for x86_64 only)\nfixes a severe regression introduced by the previous bugfix that would\nmake some machines not boot due to iommu / AGP memory issues.\n\nThe update also fixes several other bugs and the following security\nissue :\n\n - drivers/net/r8169.c in the r8169 driver in the Linux\n kernel 2.6.32.3 and earlier does not properly check the\n size of an Ethernet frame that exceeds the MTU, which\n allows remote attackers to (1) cause a denial of service\n (temporary network outage) via a packet with a crafted\n size, in conjunction with certain packets containing A\n characters and certain packets containing E characters;\n or (2) cause a denial of service (system crash) via a\n packet with a crafted size, in conjunction with certain\n packets containing '0' characters, 
related to the value\n of the status register and erroneous behavior associated\n with the RxMaxSize register. (CVE-2009-4537)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4537.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6986.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.62.1\")) 
flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.62.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.62.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:15:15", "description": "Updated kernel packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 4.7 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issue :\n\n* a use-after-free flaw was found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic (denial of service). (CVE-2010-1188, Important)\n\nThis update also adds the following enhancement :\n\n* kernel support for the iptables connlimit module. This module can be used to help mitigate some types of denial of service attacks. Note:\nThis update alone does not address connlimit support. A future iptables package update will allow connlimit to work correctly.\n(BZ#563222)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2010:0424)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1188"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu-devel", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2010-0424.NASL", "href": "https://www.tenable.com/plugins/nessus/63933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0424. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63933);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1188\");\n script_bugtraq_id(39016);\n script_xref(name:\"RHSA\", value:\"2010:0424\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2010:0424)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix one security issue and add one\nenhancement are now available for Red Hat Enterprise Linux 4.7\nExtended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issue :\n\n* a use-after-free flaw was found in the tcp_rcv_state_process()\nfunction in the Linux kernel TCP/IP protocol suite implementation. If\na system using IPv6 had the IPV6_RECVPKTINFO option set on a listening\nsocket, a remote attacker could send an IPv6 packet to that system,\ncausing a kernel panic (denial of service). (CVE-2010-1188, Important)\n\nThis update also adds the following enhancement :\n\n* kernel support for the iptables connlimit module. This module can be\nused to help mitigate some types of denial of service attacks. Note:\nThis update alone does not address connlimit support. 
A future\niptables package update will allow connlimit to work correctly.\n(BZ#563222)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct this issue and add this enhancement. The\nsystem must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0424.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"kernel-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"kernel-devel-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"kernel-doc-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", 
cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-78.0.31.EL\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-78.0.31.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:15:56", "description": "Updated kernel packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issue :\n\n* a use-after-free flaw was found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic (denial of service). (CVE-2010-1188, Important)\n\nThis update also fixes the following bugs :\n\n* a memory leak occurred when reading files on an NFS file system that was mounted with the 'noac' option, causing memory to slowly be consumed. Unmounting the file system did not free the memory. With this update, the memory is correctly freed, which resolves this issue.\n(BZ#588221)\n\n* the RHSA-2009:0225 update fixed a bug where, in some cases, on systems with the kdump service enabled, pressing Alt+SysRq+C to trigger a crash resulted in a system hang; therefore, the system did not restart and boot the dump-capture kernel as expected; no vmcore file was logged; and the following message was displayed on the console :\n\nBUG: warning at arch/[arch]/kernel/crash.c:[xxx]/nmi_shootdown_cpus() (Not tainted)\n\nThe RHSA-2009:0225 update resolved this issue by not calling printk() during a crash. It was later discovered that this fix did not resolve the issue in all cases, since there was one condition where printk() was still being called: at a warning condition inside the mdelay() call.\n\nThis update replaces mdelay() calls with udelay(), where such a warning condition does not exist, which fully resolves this issue, allowing Alt+SysRq+C to work as expected. (BZ#588211)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2010:0439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1188"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-pae", "p-cpe:/a:redhat:enterprise_linux:kernel-pae-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2010-0439.NASL", "href": "https://www.tenable.com/plugins/nessus/63934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0439. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63934);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1188\");\n script_bugtraq_id(39016);\n script_xref(name:\"RHSA\", value:\"2010:0439\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0439)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix one security issue and two bugs are\nnow available for Red Hat Enterprise Linux 5.3 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issue :\n\n* a use-after-free flaw was found in the tcp_rcv_state_process()\nfunction in the Linux kernel TCP/IP protocol suite implementation. If\na system using IPv6 had the IPV6_RECVPKTINFO option set on a listening\nsocket, a remote attacker could send an IPv6 packet to that system,\ncausing a kernel panic (denial of service). (CVE-2010-1188, Important)\n\nThis update also fixes the following bugs :\n\n* a memory leak occurred when reading files on an NFS file system that\nwas mounted with the 'noac' option, causing memory to slowly be\nconsumed. Unmounting the file system did not free the memory. 
With\nthis update, the memory is correctly freed, which resolves this issue.\n(BZ#588221)\n\n* the RHSA-2009:0225 update fixed a bug where, in some cases, on\nsystems with the kdump service enabled, pressing Alt+SysRq+C to\ntrigger a crash resulted in a system hang; therefore, the system did\nnot restart and boot the dump-capture kernel as expected; no vmcore\nfile was logged; and the following message was displayed on the\nconsole :\n\nBUG: warning at arch/[arch]/kernel/crash.c:[xxx]/nmi_shootdown_cpus()\n(Not tainted)\n\nThe RHSA-2009:0225 update resolved this issue by not calling printk()\nduring a crash. It was later discovered that this fix did not resolve\nthe issue in all cases, since there was one condition where printk()\nwas still being called: at a warning condition inside the mdelay()\ncall.\n\nThis update replaces mdelay() calls with udelay(), where such a\nwarning condition does not exist, which fully resolves this issue,\nallowing Alt+SysRq+C to work as expected. (BZ#588211)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0439.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", 
cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", reference:\"kernel-doc-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.17.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"3\", 
cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.17.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:19:42", "description": "CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs\n\nCVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl\n\nCVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow\n\nCVE-2009-4020 kernel: hfs buffer overflow\n\nThis update fixes the following security issues :\n\n - an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation.\n (CVE-2009-3080, Important)\n\n - a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service.\n (CVE-2009-4005, Important)\n\n - permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel.\n The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n - a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation in the Linux kernel. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. 
(CVE-2009-4020, Low)\n\nThis update also fixes the following bugs :\n\n - if a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running 'strace -f' on a multi-threaded process that was dumping its core, resulting in the strace command hanging. (BZ#555869)\n\n - a bug in the ptrace() implementation could have, in some cases, caused ptrace_detach() to create a zombie process if the process being traced was terminated with a SIGKILL signal. (BZ#555869)\n\n - the kernel-2.6.9-89.0.19.EL update resolved an issue (CVE-2009-4537) in the Realtek r8169 Ethernet driver.\n This update implements a better solution for that issue.\n Note: This is not a security regression. The original fix was complete. This update is adding the official upstream fix. (BZ#556406)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3080", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020", "CVE-2009-4537"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100202_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60728", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60728);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3080\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4005\", \"CVE-2009-4020\", \"CVE-2009-4537\");\n\n script_name(english:\"Scientific Linux Security 
Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs\n\nCVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl\n\nCVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow\n\nCVE-2009-4020 kernel: hfs buffer overflow\n\nThis update fixes the following security issues :\n\n - an array index error was found in the gdth driver in the\n Linux kernel. A local user could send a specially\n crafted IOCTL request that would cause a denial of\n service or, possibly, privilege escalation.\n (CVE-2009-3080, Important)\n\n - a flaw was found in the collect_rx_frame() function in\n the HiSax ISDN driver (hfc_usb) in the Linux kernel. An\n attacker could use this flaw to send a specially crafted\n HDLC packet that could trigger a buffer out of bounds,\n possibly resulting in a denial of service.\n (CVE-2009-4005, Important)\n\n - permission issues were found in the megaraid_sas driver\n (for SAS based RAID controllers) in the Linux kernel.\n The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file\n system ('/sys/') had world-writable permissions. This\n could allow local, unprivileged users to change the\n behavior of the driver. (CVE-2009-3889, CVE-2009-3939,\n Moderate)\n\n - a buffer overflow flaw was found in the hfs_bnode_read()\n function in the HFS file system implementation in the\n Linux kernel. This could lead to a denial of service if\n a user browsed a specially crafted HFS file system, for\n example, by running 'ls'. 
(CVE-2009-4020, Low)\n\nThis update also fixes the following bugs :\n\n - if a process was using ptrace() to trace a\n multi-threaded process, and that multi-threaded process\n dumped its core, the process performing the trace could\n hang in wait4(). This issue could be triggered by\n running 'strace -f' on a multi-threaded process that was\n dumping its core, resulting in the strace command\n hanging. (BZ#555869)\n\n - a bug in the ptrace() implementation could have, in some\n cases, caused ptrace_detach() to create a zombie process\n if the process being traced was terminated with a\n SIGKILL signal. (BZ#555869)\n\n - the kernel-2.6.9-89.0.19.EL update resolved an issue\n (CVE-2009-4537) in the Realtek r8169 Ethernet driver.\n This update implements a better solution for that issue.\n Note: This is not a security regression. The original\n fix was complete. This update is adding the official\n upstream fix. (BZ#556406)\n\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=555869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=556406\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1002&L=scientific-linux-errata&T=0&P=79\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?256ab77b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"ernel-smp-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", 
reference:\"kernel-smp-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-89.0.20.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:34:27", "description": "Updated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation.\n(CVE-2009-3080, Important)\n\n* a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service.\n(CVE-2009-4005, Important)\n\n* permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation in the Linux kernel. 
This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. (CVE-2009-4020, Low)\n\nThis update also fixes the following bugs :\n\n* if a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running 'strace -f' on a multi-threaded process that was dumping its core, resulting in the strace command hanging. (BZ#555869)\n\n* a bug in the ptrace() implementation could have, in some cases, caused ptrace_detach() to create a zombie process if the process being traced was terminated with a SIGKILL signal. (BZ#555869)\n\n* the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the Realtek r8169 Ethernet driver. This update implements a better solution for that issue. Note: This is not a security regression. The original fix was complete. This update is adding the official upstream fix. (BZ#556406)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2010:0076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3080", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020", "CVE-2009-4537"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2010-0076.NASL", "href": "https://www.tenable.com/plugins/nessus/44386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0076. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44386);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3080\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4005\", \"CVE-2009-4020\");\n script_bugtraq_id(37019, 37036, 37068);\n script_xref(name:\"RHSA\", value:\"2010:0076\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2010:0076)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and three\nbugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* an array index error was found in the gdth driver in the Linux\nkernel. A local user could send a specially crafted IOCTL request that\nwould cause a denial of service or, possibly, privilege escalation.\n(CVE-2009-3080, Important)\n\n* a flaw was found in the collect_rx_frame() function in the HiSax\nISDN driver (hfc_usb) in the Linux kernel. An attacker could use this\nflaw to send a specially crafted HDLC packet that could trigger a\nbuffer out of bounds, possibly resulting in a denial of service.\n(CVE-2009-4005, Important)\n\n* permission issues were found in the megaraid_sas driver (for SAS\nbased RAID controllers) in the Linux kernel. The 'dbg_lvl' and\n'poll_mode_io' files on the sysfs file system ('/sys/') had\nworld-writable permissions. 
This could allow local, unprivileged users\nto change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939,\nModerate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in\nthe HFS file system implementation in the Linux kernel. This could\nlead to a denial of service if a user browsed a specially crafted HFS\nfile system, for example, by running 'ls'. (CVE-2009-4020, Low)\n\nThis update also fixes the following bugs :\n\n* if a process was using ptrace() to trace a multi-threaded process,\nand that multi-threaded process dumped its core, the process\nperforming the trace could hang in wait4(). This issue could be\ntriggered by running 'strace -f' on a multi-threaded process that was\ndumping its core, resulting in the strace command hanging. (BZ#555869)\n\n* a bug in the ptrace() implementation could have, in some cases,\ncaused ptrace_detach() to create a zombie process if the process being\ntraced was terminated with a SIGKILL signal. (BZ#555869)\n\n* the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the\nRealtek r8169 Ethernet driver. This update implements a better\nsolution for that issue. Note: This is not a security regression. The\noriginal fix was complete. This update is adding the official upstream\nfix. (BZ#556406)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0076\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2009-3080\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4005\", \"CVE-2009-4020\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2010:0076\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0076\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.20.EL\")) flag++;\n\n 
if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-89.0.20.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.20.EL\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:22:30", "description": "From Red Hat Security Advisory 2010:0076 :\n\nUpdated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* an array index error was found in the gdth driver in the Linux kernel. 
A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation.\n(CVE-2009-3080, Important)\n\n* a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service.\n(CVE-2009-4005, Important)\n\n* permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation in the Linux kernel. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. (CVE-2009-4020, Low)\n\nThis update also fixes the following bugs :\n\n* if a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running 'strace -f' on a multi-threaded process that was dumping its core, resulting in the strace command hanging. (BZ#555869)\n\n* a bug in the ptrace() implementation could have, in some cases, caused ptrace_detach() to create a zombie process if the process being traced was terminated with a SIGKILL signal. (BZ#555869)\n\n* the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the Realtek r8169 Ethernet driver. This update implements a better solution for that issue. Note: This is not a security regression. The original fix was complete. This update is adding the official upstream fix. 
(BZ#556406)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : kernel (ELSA-2010-0076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3080", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020", "CVE-2009-4537"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-devel", "p-cpe:/a:oracle:linux:kernel-largesmp", "p-cpe:/a:oracle:linux:kernel-largesmp-devel", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-devel", "p-cpe:/a:oracle:linux:kernel-xenu", "p-cpe:/a:oracle:linux:kernel-xenu-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2010-0076.NASL", "href": "https://www.tenable.com/plugins/nessus/67992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0076 and \n# Oracle Linux Security Advisory ELSA-2010-0076 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67992);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2009-3080\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4005\", \"CVE-2009-4020\");\n script_bugtraq_id(37019, 37036, 37068);\n script_xref(name:\"RHSA\", value:\"2010:0076\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2010-0076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux 
host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0076 :\n\nUpdated kernel packages that fix multiple security issues and three\nbugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* an array index error was found in the gdth driver in the Linux\nkernel. A local user could send a specially crafted IOCTL request that\nwould cause a denial of service or, possibly, privilege escalation.\n(CVE-2009-3080, Important)\n\n* a flaw was found in the collect_rx_frame() function in the HiSax\nISDN driver (hfc_usb) in the Linux kernel. An attacker could use this\nflaw to send a specially crafted HDLC packet that could trigger a\nbuffer out of bounds, possibly resulting in a denial of service.\n(CVE-2009-4005, Important)\n\n* permission issues were found in the megaraid_sas driver (for SAS\nbased RAID controllers) in the Linux kernel. The 'dbg_lvl' and\n'poll_mode_io' files on the sysfs file system ('/sys/') had\nworld-writable permissions. This could allow local, unprivileged users\nto change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939,\nModerate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in\nthe HFS file system implementation in the Linux kernel. This could\nlead to a denial of service if a user browsed a specially crafted HFS\nfile system, for example, by running 'ls'. (CVE-2009-4020, Low)\n\nThis update also fixes the following bugs :\n\n* if a process was using ptrace() to trace a multi-threaded process,\nand that multi-threaded process dumped its core, the process\nperforming the trace could hang in wait4(). 
This issue could be\ntriggered by running 'strace -f' on a multi-threaded process that was\ndumping its core, resulting in the strace command hanging. (BZ#555869)\n\n* a bug in the ptrace() implementation could have, in some cases,\ncaused ptrace_detach() to create a zombie process if the process being\ntraced was terminated with a SIGKILL signal. (BZ#555869)\n\n* the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the\nRealtek r8169 Ethernet driver. This update implements a better\nsolution for that issue. Note: This is not a security regression. The\noriginal fix was complete. This update is adding the official upstream\nfix. (BZ#556406)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-February/001347.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2009-3080\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4005\", \"CVE-2009-4020\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2010-0076\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-devel-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-doc-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", 
rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-89.0.20.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.20.0.1.EL\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:33:00", "description": "USN-947-1 fixed vulnerabilities in the Linux kernel. Fixes for CVE-2010-0419 caused failures when using KVM in certain situations.\nThis update reverts that fix until a better solution can be found.\n\nWe apologize for the inconvenience.\n\nIt was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271)\n\nIt was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537)\n\nWei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008)\n\nIt was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)\n\nEvgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. A remote attacker could exploit this to crash the system, leading to a denial of service.\n(Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437)\n\nSachin Prabhu discovered that GFS2 did not correctly handle certain locks. 
A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service. (CVE-2010-0727)\n\nJamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741)\n\nMarcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation. (CVE-2010-1083)\n\nNeil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. A physically proximate remote attacker could exploit this by sending specially crafted traffic that would consume all available system memory, leading to a denial of service. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084)\n\nJody Bruchon discovered that the sound driver for the AMD780V did not correctly handle certain conditions. A local attacker with access to this hardware could exploit the flaw to cause a system crash, leading to a denial of service.\n(CVE-2010-1085)\n\nAng Way Chuang discovered that the DVB driver did not correctly handle certain MPEG2-TS frames. An attacker could exploit this by delivering specially crafted frames to monopolize CPU resources, leading to a denial of service.\n(Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086)\n\nTrond Myklebust discovered that NFS did not correctly handle truncation under certain conditions. A local attacker with write access to an NFS share could exploit this to crash the system, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) 
(CVE-2010-1087)\n\nAl Viro discovered that automount of NFS did not correctly handle symlinks under certain conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088)\n\nMatt McCutchen discovered that ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2010-1146)\n\nEugene Teo discovered that CIFS did not correctly validate arguments when creating new files. A local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges if mmap_min_addr was not set. (CVE-2010-1148)\n\nCatalin Marinas and Tetsuo Handa discovered that the TTY layer did not correctly release process IDs. A local attacker could exploit this to consume kernel resources, leading to a denial of service. (CVE-2010-1162)\n\nNeil Horman discovered that TIPC did not correctly check its internal state. A local attacker could send specially crafted packets via AF_TIPC that would cause the system to crash, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187)\n\nMasayuki Nakagawa discovered that IPv6 did not correctly handle certain settings when listening. If a socket were listening with the IPV6_RECVPKTINFO flag, a remote attacker could send specially crafted traffic that would cause the system to crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188)\n\nOleg Nesterov discovered that the Out-Of-Memory handler did not correctly handle certain arrangements of processes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-1488).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-06-04T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux regression (USN-947-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4271", "CVE-2009-4537", "CVE-2010-0008", "CVE-2010-0298", "CVE-2010-0306", "CVE-2010-0419", "CVE-2010-0437", "CVE-2010-0727", "CVE-2010-0741", "CVE-2010-1083", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1146", "CVE-2010-1148", "CVE-2010-1162", "CVE-2010-1187", "CVE-2010-1188", "CVE-2010-1488"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-doc", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.32", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-947-2.NASL", "href": "https://www.tenable.com/plugins/nessus/46811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from 
Ubuntu Security Notice USN-947-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46811);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-4271\", \"CVE-2009-4537\", \"CVE-2010-0008\", \"CVE-2010-0298\", \"CVE-2010-0306\", \"CVE-2010-0419\", \"CVE-2010-0437\", \"CVE-2010-0727\", \"CVE-2010-0741\", \"CVE-2010-1083\", \"CVE-2010-1084\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1087\", \"CVE-2010-1088\", \"CVE-2010-1146\", \"CVE-2010-1148\", \"CVE-2010-1162\", \"CVE-2010-1187\", \"CVE-2010-1188\", \"CVE-2010-1488\");\n script_xref(name:\"USN\", value:\"947-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux regression (USN-947-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-947-1 fixed vulnerabilities in the Linux kernel. Fixes for\nCVE-2010-0419 caused failures when using KVM in certain situations.\nThis update reverts that fix until a better solution can be found.\n\nWe apologize for the inconvenience.\n\nIt was discovered that the Linux kernel did not correctly handle\nmemory protection of the Virtual Dynamic Shared Object page when\nrunning a 32-bit application on a 64-bit kernel. A local attacker\ncould exploit this to cause a denial of service. (Only affected Ubuntu\n6.06 LTS.) (CVE-2009-4271)\n\nIt was discovered that the r8169 network driver did not\ncorrectly check the size of Ethernet frames. A remote\nattacker could send specially crafted traffic to crash the\nsystem, leading to a denial of service. 
(CVE-2009-4537)\n\nWei Yongjun discovered that SCTP did not correctly validate\ncertain chunks. A remote attacker could send specially\ncrafted traffic to monopolize CPU resources, leading to a\ndenial of service. (Only affected Ubuntu 6.06 LTS.)\n(CVE-2010-0008)\n\nIt was discovered that KVM did not correctly limit certain\nprivileged IO accesses on x86. Processes in the guest OS\nwith access to IO regions could gain further privileges\nwithin the guest OS. (Did not affect Ubuntu 6.06 LTS.)\n(CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)\n\nEvgeniy Polyakov discovered that IPv6 did not correctly\nhandle certain TUN packets. A remote attacker could exploit\nthis to crash the system, leading to a denial of service.\n(Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437)\n\nSachin Prabhu discovered that GFS2 did not correctly handle\ncertain locks. A local attacker with write access to a GFS2\nfilesystem could exploit this to crash the system, leading\nto a denial of service. (CVE-2010-0727)\n\nJamie Strandboge discovered that network virtio in KVM did\nnot correctly handle certain high-traffic conditions. A\nremote attacker could exploit this by sending specially\ncrafted traffic to a guest OS, causing the guest to crash,\nleading to a denial of service. (Only affected Ubuntu 8.04\nLTS.) (CVE-2010-0741)\n\nMarcus Meissner discovered that the USB subsystem did not\ncorrectly handle certain error conditions. A local attacker\nwith access to a USB device could exploit this to read\nrecently used kernel memory, leading to a loss of privacy\nand potentially root privilege escalation. (CVE-2010-1083)\n\nNeil Brown discovered that the Bluetooth subsystem did not\ncorrectly handle large amounts of traffic. A physically\nproximate remote attacker could exploit this by sending\nspecially crafted traffic that would consume all available\nsystem memory, leading to a denial of service. (Ubuntu 6.06\nLTS and 10.04 LTS were not affected.) 
(CVE-2010-1084)\n\nJody Bruchon discovered that the sound driver for the\nAMD780V did not correctly handle certain conditions. A local\nattacker with access to this hardward could exploit the flaw\nto cause a system crash, leading to a denial of service.\n(CVE-2010-1085)\n\nAng Way Chuang discovered that the DVB driver did not\ncorrectly handle certain MPEG2-TS frames. An attacker could\nexploit this by delivering specially crafted frames to\nmonopolize CPU resources, leading to a denial of service.\n(Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086)\n\nTrond Myklebust discovered that NFS did not correctly handle\ntruncation under certain conditions. A local attacker with\nwrite access to an NFS share could exploit this to crash the\nsystem, leading to a denial of service. (Ubuntu 10.04 LTS\nwas not affected.) (CVE-2010-1087)\n\nAl Viro discovered that automount of NFS did not correctly\nhandle symlinks under certain conditions. A local attacker\ncould exploit this to crash the system, leading to a denial\nof service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not\naffected.) (CVE-2010-1088)\n\nMatt McCutchen discovered that ReiserFS did not correctly\nprotect xattr files in the .reiserfs_priv directory. A local\nattacker could exploit this to gain root privileges or crash\nthe system, leading to a denial of service. (CVE-2010-1146)\n\nEugene Teo discovered that CIFS did not correctly validate\narguments when creating new files. A local attacker could\nexploit this to crash the system, leading to a denial of\nservice, or possibly gain root privileges if mmap_min_addr\nwas not set. (CVE-2010-1148)\n\nCatalin Marinas and Tetsuo Handa discovered that the TTY\nlayer did not correctly release process IDs. A local\nattacker could exploit this to consume kernel resources,\nleading to a denial of service. (CVE-2010-1162)\n\nNeil Horman discovered that TIPC did not correctly check its\ninternal state. 
A local attacker could send specially\ncrafted packets via AF_TIPC that would cause the system to\ncrash, leading to a denial of service. (Ubuntu 6.06 LTS was\nnot affected.) (CVE-2010-1187)\n\nMasayuki Nakagawa discovered that IPv6 did not correctly\nhandle certain settings when listening. If a socket were\nlistening with the IPV6_RECVPKTINFO flag, a remote attacker\ncould send specially crafted traffic that would cause the\nsystem to crash, leading to a denial of service. (Only\nUbuntu 6.06 LTS was affected.) (CVE-2010-1188)\n\nOleg Nesterov discovered that the Out-Of-Memory handler did\nnot correctly handle certain arrangements of processes. A\nlocal attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-1488).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/947-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2009-4271\", \"CVE-2009-4537\", \"CVE-2010-0008\", \"CVE-2010-0298\", \"CVE-2010-0306\", \"CVE-2010-0419\", \"CVE-2010-0437\", \"CVE-2010-0727\", \"CVE-2010-0741\", \"CVE-2010-1083\", \"CVE-2010-1084\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1087\", \"CVE-2010-1088\", \"CVE-2010-1146\", \"CVE-2010-1148\", \"CVE-2010-1162\", \"CVE-2010-1187\", \"CVE-2010-1188\", \"CVE-2010-1488\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-947-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-doc\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-386\", pkgver:\"2.6.32-22.36\")) 
flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-generic\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-generic-pae\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-preempt\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-server\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-386\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-generic\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-generic-pae\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-lpia\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-preempt\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-server\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-virtual\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-source-2.6.32\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-tools-2.6.32-22\", pkgver:\"2.6.32-22.36\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-tools-common\", pkgver:\"2.6.32-22.36\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc / linux-headers-2.6 / linux-headers-2.6-386 / etc\");\n}\n", 
"cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:41:44", "description": "This kernel update fixes the following security problems :\n\n - CVE-2008-0600: A local privilege escalation was found in the vmsplice_pipe system call, which could be used by local attackers to gain root access.\n\n - CVE-2007-6206: Core dumps from root might be accessible to the wrong owner.\n\nAnd the following bugs (numbers are https://bugzilla.novell.com/ references) :\n\n - Update to minor kernel version 2.6.22.17\n\n - networking bugfixes\n\n - contains the following patches which were removed :\n\n - patches.arch/acpica-psd.patch\n\n - patches.fixes/invalid-semicolon\n\n - patches.fixes/nopage-range-fix.patch\n\n - patches.arch/acpi_thermal_blacklist_add_r50p.patch:\n Avoid critical temp shutdowns on specific Thinkpad R50p (https://bugzilla.novell.com/show_bug.cgi?id=333043).\n\n - Update config files. CONFIG_USB_DEBUG in debug kernel\n\n - patches.rt/megasas_IRQF_NODELAY.patch: Convert megaraid sas IRQ to non-threaded IRQ (337489).\n\n - patches.drivers/libata-implement-force-parameter added to series.conf.\n\n - patches.xen/xen3-fixup-arch-i386: xen3 i386 build fixes.\n\n - patches.xen/xenfb-module-param: Re: Patching Xen virtual framebuffer.", "cvss3": {}, "published": "2008-02-14T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : kernel (kernel-4986)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6206", "CVE-2008-0600"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-bigsmp", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-rt", "p-cpe:/a:novell:opensuse:kernel-rt_debug", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xenpae", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_KERNEL-4986.NASL", "href": 
"https://www.tenable.com/plugins/nessus/31089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-4986.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31089);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6206\", \"CVE-2008-0600\");\n\n script_name(english:\"openSUSE 10 Security Update : kernel (kernel-4986)\");\n script_summary(english:\"Check for the kernel-4986 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - CVE-2008-0600: A local privilege escalation was found in\n the vmsplice_pipe system call, which could be used by\n local attackers to gain root access.\n\n - CVE-2007-6206: Core dumps from root might be accessible\n to the wrong owner.\n\nAnd the following bugs (numbers are https://bugzilla.novell.com/\nreferences) :\n\n - Update to minor kernel version 2.6.22.17\n\n - networking bugfixes\n\n - contains the following patches which were removed :\n\n - patches.arch/acpica-psd.patch\n\n - patches.fixes/invalid-semicolon\n\n - patches.fixes/nopage-range-fix.patch\n\n - patches.arch/acpi_thermal_blacklist_add_r50p.patch:\n Avoid critical temp shutdowns on specific Thinkpad R50p\n (https://bugzilla.novell.com/show_bug.cgi?id=333043).\n\n - Update config files. 
CONFIG_USB_DEBUG in debug kernel\n\n - patches.rt/megasas_IRQF_NODELAY.patch: Convert megaraid\n sas IRQ to non-threaded IRQ (337489).\n\n - patches.drivers/libata-implement-force-parameter added\n to series.conf.\n\n - patches.xen/xen3-fixup-arch-i386: xen3 i386 build fixes.\n\n - patches.xen/xenfb-module-param: Re: Patching Xen virtual\n framebuffer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=333043\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xenpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-bigsmp-2.6.22.17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-debug-2.6.22.17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-default-2.6.22.17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-rt-2.6.22.17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-rt_debug-2.6.22.17-0.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE10.3\", reference:\"kernel-source-2.6.22.17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-syms-2.6.22.17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-xen-2.6.22.17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-xenpae-2.6.22.17-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-bigsmp / kernel-debug / kernel-default / kernel-rt / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:44:55", "description": "It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271)\n\nIt was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537)\n\nWei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008)\n\nIt was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)\n\nEvgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. 
A remote attacker could exploit this to crash the system, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437)\n\nSachin Prabhu discovered that GFS2 did not correctly handle certain locks. A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service.\n(CVE-2010-0727)\n\nJamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741)\n\nMarcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation.\n(CVE-2010-1083)\n\nNeil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. A physically proximate remote attacker could exploit this by sending specially crafted traffic that would consume all available system memory, leading to a denial of service. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084)\n\nJody Bruchon discovered that the sound driver for the AMD780V did not correctly handle certain conditions. A local attacker with access to this hardware could exploit the flaw to cause a system crash, leading to a denial of service. (CVE-2010-1085)\n\nAng Way Chuang discovered that the DVB driver did not correctly handle certain MPEG2-TS frames. An attacker could exploit this by delivering specially crafted frames to monopolize CPU resources, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086)\n\nTrond Myklebust discovered that NFS did not correctly handle truncation under certain conditions. 
A local attacker with write access to an NFS share could exploit this to crash the system, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1087)\n\nAl Viro discovered that automount of NFS did not correctly handle symlinks under certain conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088)\n\nMatt McCutchen discovered that ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2010-1146)\n\nEugene Teo discovered that CIFS did not correctly validate arguments when creating new files. A local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges if mmap_min_addr was not set. (CVE-2010-1148)\n\nCatalin Marinas and Tetsuo Handa discovered that the TTY layer did not correctly release process IDs. A local attacker could exploit this to consume kernel resources, leading to a denial of service.\n(CVE-2010-1162)\n\nNeil Horman discovered that TIPC did not correctly check its internal state. A local attacker could send specially crafted packets via AF_TIPC that would cause the system to crash, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187)\n\nMasayuki Nakagawa discovered that IPv6 did not correctly handle certain settings when listening. If a socket were listening with the IPV6_RECVPKTINFO flag, a remote attacker could send specially crafted traffic that would cause the system to crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188)\n\nOleg Nesterov discovered that the Out-Of-Memory handler did not correctly handle certain arrangements of processes. A local attacker could exploit this to crash the system, leading to a denial of service. 
(CVE-2010-1488).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-06-04T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-source-2.6.15 vulnerabilities (USN-947-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4271", "CVE-2009-4537", "CVE-2010-0008", "CVE-2010-0298", "CVE-2010-0306", "CVE-2010-0419", "CVE-2010-0437", "CVE-2010-0727", "CVE-2010-0741", "CVE-2010-1083", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1146", "CVE-2010-1148", "CVE-2010-1162", "CVE-2010-1187", "CVE-2010-1188", "CVE-2010-1488"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-doc", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.28", "p-cpe:/a:canonical:ubuntu_linux:linux-ec2-doc", "p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.31", "p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.32", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ec2", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz", 
"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386-dbgsym", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-dove", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-dove-z0", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-dbgsym", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae-dbgsym", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia-dbgsym", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt-dbgsym", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server-dbgsym", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-st1-5", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile-dbgsym", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.28", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.31", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.32", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-947-1.NASL", "href": "https://www.tenable.com/plugins/nessus/46810", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-947-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46810);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-4271\", \"CVE-2009-4537\", \"CVE-2010-0008\", \"CVE-2010-0298\", \"CVE-2010-0306\", \"CVE-2010-0419\", \"CVE-2010-0437\", \"CVE-2010-0727\", \"CVE-2010-0741\", \"CVE-2010-1083\", \"CVE-2010-1084\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1087\", \"CVE-2010-1088\", \"CVE-2010-1146\", \"CVE-2010-1148\", \"CVE-2010-1162\", \"CVE-2010-1187\", \"CVE-2010-1188\", \"CVE-2010-1488\");\n script_bugtraq_id(37521, 38185, 38348, 38479, 38857, 38858, 38898, 39016, 39042, 39044, 39101, 39120, 39186, 39344, 39480, 39569);\n script_xref(name:\"USN\", value:\"947-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-source-2.6.15 vulnerabilities (USN-947-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Linux kernel did not correctly handle\nmemory protection of the Virtual Dynamic Shared Object page when\nrunning a 32-bit application on a 64-bit kernel. A local attacker\ncould exploit this to cause a denial of service. (Only affected Ubuntu\n6.06 LTS.) (CVE-2009-4271)\n\nIt was discovered that the r8169 network driver did not correctly\ncheck the size of Ethernet frames. A remote attacker could send\nspecially crafted traffic to crash the system, leading to a denial of\nservice. (CVE-2009-4537)\n\nWei Yongjun discovered that SCTP did not correctly validate certain\nchunks. A remote attacker could send specially crafted traffic to\nmonopolize CPU resources, leading to a denial of service. (Only\naffected Ubuntu 6.06 LTS.) 
(CVE-2010-0008)\n\nIt was discovered that KVM did not correctly limit certain privileged\nIO accesses on x86. Processes in the guest OS with access to IO\nregions could gain further privileges within the guest OS. (Did not\naffect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)\n\nEvgeniy Polyakov discovered that IPv6 did not correctly handle certain\nTUN packets. A remote attacker could exploit this to crash the system,\nleading to a denial of service. (Only affected Ubuntu 8.04 LTS.)\n(CVE-2010-0437)\n\nSachin Prabhu discovered that GFS2 did not correctly handle certain\nlocks. A local attacker with write access to a GFS2 filesystem could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2010-0727)\n\nJamie Strandboge discovered that network virtio in KVM did not\ncorrectly handle certain high-traffic conditions. A remote attacker\ncould exploit this by sending specially crafted traffic to a guest OS,\ncausing the guest to crash, leading to a denial of service. (Only\naffected Ubuntu 8.04 LTS.) (CVE-2010-0741)\n\nMarcus Meissner discovered that the USB subsystem did not correctly\nhandle certain error conditions. A local attacker with access to a USB\ndevice could exploit this to read recently used kernel memory, leading\nto a loss of privacy and potentially root privilege escalation.\n(CVE-2010-1083)\n\nNeil Brown discovered that the Bluetooth subsystem did not correctly\nhandle large amounts of traffic. A physically proximate remote\nattacker could exploit this by sending specially crafted traffic that\nwould consume all available system memory, leading to a denial of\nservice. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.)\n(CVE-2010-1084)\n\nJody Bruchon discovered that the sound driver for the AMD780V did not\ncorrectly handle certain conditions. A local attacker with access to\nthis hardward could exploit the flaw to cause a system crash, leading\nto a denial of service. 
(CVE-2010-1085)\n\nAng Way Chuang discovered that the DVB driver did not correctly handle\ncertain MPEG2-TS frames. An attacker could exploit this by delivering\nspecially crafted frames to monopolize CPU resources, leading to a\ndenial of service. (Ubuntu 10.04 LTS was not affected.)\n(CVE-2010-1086)\n\nTrond Myklebust discovered that NFS did not correctly handle\ntruncation under certain conditions. A local attacker with write\naccess to an NFS share could exploit this to crash the system, leading\nto a denial of service. (Ubuntu 10.04 LTS was not affected.)\n(CVE-2010-1087)\n\nAl Viro discovered that automount of NFS did not correctly handle\nsymlinks under certain conditions. A local attacker could exploit this\nto crash the system, leading to a denial of service. (Ubuntu 6.06 LTS\nand Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088)\n\nMatt McCutchen discovered that ReiserFS did not correctly protect\nxattr files in the .reiserfs_priv directory. A local attacker could\nexploit this to gain root privileges or crash the system, leading to a\ndenial of service. (CVE-2010-1146)\n\nEugene Teo discovered that CIFS did not correctly validate arguments\nwhen creating new files. A local attacker could exploit this to crash\nthe system, leading to a denial of service, or possibly gain root\nprivileges if mmap_min_addr was not set. (CVE-2010-1148)\n\nCatalin Marinas and Tetsuo Handa discovered that the TTY layer did not\ncorrectly release process IDs. A local attacker could exploit this to\nconsume kernel resources, leading to a denial of service.\n(CVE-2010-1162)\n\nNeil Horman discovered that TIPC did not correctly check its internal\nstate. A local attacker could send specially crafted packets via\nAF_TIPC that would cause the system to crash, leading to a denial of\nservice. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187)\n\nMasayuki Nakagawa discovered that IPv6 did not correctly handle\ncertain settings when listening. 
If a socket were listening with the\nIPV6_RECVPKTINFO flag, a remote attacker could send specially crafted\ntraffic that would cause the system to crash, leading to a denial of\nservice. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188)\n\nOleg Nesterov discovered that the Out-Of-Memory handler did not\ncorrectly handle certain arrangements of processes. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2010-1488).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/947-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.31\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386-dbgsym\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-dove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-dove-z0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-dbgsym\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae-dbgsym\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia-dbgsym\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt-dbgsym\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server-dbgsym\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-st1-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile-dbgsym\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.28\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.31\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2009-4271\", \"CVE-2009-4537\", \"CVE-2010-0008\", \"CVE-2010-0298\", \"CVE-2010-0306\", \"CVE-2010-0419\", \"CVE-2010-0437\", \"CVE-2010-0727\", \"CVE-2010-0741\", \"CVE-2010-1083\", \"CVE-2010-1084\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1087\", \"CVE-2010-1088\", \"CVE-2010-1146\", \"CVE-2010-1148\", \"CVE-2010-1162\", \"CVE-2010-1187\", \"CVE-2010-1188\", \"CVE-2010-1488\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-947-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc-2.6.15\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-386\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-686\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-amd64-generic\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-amd64-k8\", 
pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-amd64-server\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-amd64-xeon\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-55-server\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-386\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-686\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-amd64-generic\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-amd64-k8\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-amd64-server\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-amd64-xeon\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-55-server\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source-2.6.15\", pkgver:\"2.6.15-55.84\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-doc-2.6.24\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-28\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-28-386\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-28-generic\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-28-openvz\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-28-rt\", 
pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-28-server\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-28-virtual\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-28-xen\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-386\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-generic\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-lpia\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-lpiacompat\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-openvz\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-rt\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-server\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-virtual\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-28-xen\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-28-386\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-28-generic\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-28-server\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-28-virtual\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-libc-dev\", 
pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-source-2.6.24\", pkgver:\"2.6.24-28.70\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-doc-2.6.28\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-headers-2.6.28-19\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-headers-2.6.28-19-generic\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-headers-2.6.28-19-server\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-19-generic\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-19-lpia\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-19-server\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-19-versatile\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-image-2.6.28-19-virtual\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"linux-source-2.6.28\", pkgver:\"2.6.28-19.61\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-doc\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-ec2-doc\", pkgver:\"2.6.31-307.15\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-ec2-source-2.6.31\", pkgver:\"2.6.31-307.15\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22-386\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22-generic\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", 
pkgname:\"linux-headers-2.6.31-22-generic-pae\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22-server\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-307\", pkgver:\"2.6.31-307.15\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-307-ec2\", pkgver:\"2.6.31-307.15\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-214-dove\", pkgver:\"2.6.31-214.28\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-214-dove-z0\", pkgver:\"2.6.31-214.28\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-386\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-generic\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-generic-pae\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-lpia\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-server\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-virtual\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-307-ec2\", pkgver:\"2.6.31-307.15\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-source-2.6.31\", pkgver:\"2.6.31-22.60\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-doc\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-ec2-doc\", pkgver:\"2.6.32-306.11\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-ec2-source-2.6.32\", pkgver:\"2.6.32-306.11\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22\", pkgver:\"2.6.32-22.35\")) 
flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-386\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-generic\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-generic-pae\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-preempt\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-22-server\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-306\", pkgver:\"2.6.32-306.11\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-306-ec2\", pkgver:\"2.6.32-306.11\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.31-802-st1-5\", pkgver:\"2.6.31-802.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-205-dove\", pkgver:\"2.6.32-205.18\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-386\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-386-dbgsym\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-generic\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-generic-dbgsym\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-generic-pae\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-generic-pae-dbgsym\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-lpia\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-lpia-dbgsym\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", 
pkgname:\"linux-image-2.6.32-22-preempt\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-preempt-dbgsym\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-server\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-server-dbgsym\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-versatile\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-versatile-dbgsym\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-22-virtual\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-306-ec2\", pkgver:\"2.6.32-306.11\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-source-2.6.32\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-tools-2.6.32-22\", pkgver:\"2.6.32-22.35\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-tools-common\", pkgver:\"2.6.32-22.35\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc / linux-doc-2.6.15 / linux-doc-2.6.24 / linux-doc-2.6.28 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:35:09", "description": "Updated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the 
Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation.\n(CVE-2009-3080, Important)\n\n* a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service.\n(CVE-2009-4005, Important)\n\n* permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation in the Linux kernel. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. (CVE-2009-4020, Low)\n\nThis update also fixes the following bugs :\n\n* if a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running 'strace -f' on a multi-threaded process that was dumping its core, resulting in the strace command hanging. (BZ#555869)\n\n* a bug in the ptrace() implementation could have, in some cases, caused ptrace_detach() to create a zombie process if the process being traced was terminated with a SIGKILL signal. (BZ#555869)\n\n* the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the Realtek r8169 Ethernet driver. 
This update implements a better solution for that issue. Note: This is not a security regression. The original fix was complete. This update is adding the official upstream fix. (BZ#556406)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-02-05T00:00:00", "type": "nessus", "title": "CentOS 4 : kernel (CESA-2010:0076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3080", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020", "CVE-2009-4537"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-devel", "p-cpe:/a:centos:centos:kernel-largesmp", "p-cpe:/a:centos:centos:kernel-largesmp-devel", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-devel", "p-cpe:/a:centos:centos:kernel-xenu", "p-cpe:/a:centos:centos:kernel-xenu-devel", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2010-0076.NASL", "href": "https://www.tenable.com/plugins/nessus/44395", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0076 and \n# CentOS Errata and Security Advisory 2010:0076 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44395);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3080\", \"CVE-2009-3889\", \"CVE-2009-3939\", \"CVE-2009-4005\", \"CVE-2009-4020\");\n script_bugtraq_id(37019, 37036, 37068);\n script_xref(name:\"RHSA\", value:\"2010:0076\");\n\n script_name(english:\"CentOS 4 : kernel 
(CESA-2010:0076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and three\nbugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* an array index error was found in the gdth driver in the Linux\nkernel. A local user could send a specially crafted IOCTL request that\nwould cause a denial of service or, possibly, privilege escalation.\n(CVE-2009-3080, Important)\n\n* a flaw was found in the collect_rx_frame() function in the HiSax\nISDN driver (hfc_usb) in the Linux kernel. An attacker could use this\nflaw to send a specially crafted HDLC packet that could trigger a\nbuffer out of bounds, possibly resulting in a denial of service.\n(CVE-2009-4005, Important)\n\n* permission issues were found in the megaraid_sas driver (for SAS\nbased RAID controllers) in the Linux kernel. The 'dbg_lvl' and\n'poll_mode_io' files on the sysfs file system ('/sys/') had\nworld-writable permissions. This could allow local, unprivileged users\nto change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939,\nModerate)\n\n* a buffer overflow flaw was found in the hfs_bnode_read() function in\nthe HFS file system implementation in the Linux kernel. This could\nlead to a denial of service if a user browsed a specially crafted HFS\nfile system, for example, by running 'ls'. 
(CVE-2009-4020, Low)\n\nThis update also fixes the following bugs :\n\n* if a process was using ptrace() to trace a multi-threaded process,\nand that multi-threaded process dumped its core, the process\nperforming the trace could hang in wait4(). This issue could be\ntriggered by running 'strace -f' on a multi-threaded process that was\ndumping its core, resulting in the strace command hanging. (BZ#555869)\n\n* a bug in the ptrace() implementation could have, in some cases,\ncaused ptrace_detach() to create a zombie process if the process being\ntraced was terminated with a SIGKILL signal. (BZ#555869)\n\n* the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the\nRealtek r8169 Ethernet driver. This update implements a better\nsolution for that issue. Note: This is not a security regression. The\noriginal fix was complete. This update is adding the official upstream\nfix. (BZ#556406)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-February/016492.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81ade6c7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-February/016493.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94785d9f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", 
reference:\"kernel-xenU-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-89.0.20.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.20.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:21:01", "description": "From Red Hat Security Advisory 2008:0973 :\n\nUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. 
(CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. 
With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : kernel (ELSA-2008-0973)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-boot", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-unsupported", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-unsupported", "p-cpe:/a:oracle:linux:kernel-source", "p-cpe:/a:oracle:linux:kernel-unsupported", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2008-0973.NASL", "href": "https://www.tenable.com/plugins/nessus/67763", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0973 and \n# Oracle Linux Security Advisory ELSA-2008-0973 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67763);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n script_bugtraq_id(26605, 29235, 29942, 30076, 30647, 31368);\n script_xref(name:\"RHSA\", value:\"2008:0973\");\n\n script_name(english:\"Oracle Linux 3 : kernel (ELSA-2008-0973)\");\n script_summary(english:\"Checks rpm output for 
the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0973 :\n\nUpdated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\n64-bit emulation. This could allow a local, unprivileged user to\nprepare and run a specially crafted binary which would use this\ndeficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2008-2136,\nImportant)\n\n* missing capability checks were found in the SBNI WAN driver which\ncould allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not\nclear the setuid and setgid bits. This could allow a local,\nunprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use this\nflaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux\nkernel network drivers. These drivers were missing checks for terminal\nvalidity, which could allow privilege escalation. 
(CVE-2008-2812,\nModerate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS)\nimplementation. This could allow a local, unprivileged user to attempt\nfile creation within deleted directories, possibly causing a denial of\nservice. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a\nconsequence, if an NFSv2 or NFSv3 server exported a volume containing\na symlink which included a path equal to or longer than the local\nsystem's PATH_MAX, accessing the link caused a kernel oops. This has\nbeen corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it\nas a pointer. This caused a kernel panic in mptctl_gettargetinfo in\nsome circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered\nwithout apparent cause. When running as a fully-virtualized client,\nthis spurious triggering caused the 64-bit version of Red Hat\nEnterprise Linux 3 to present highly inaccurate times. 
With this\nupdate the lost tick compensation code is turned off when the\noperating system is running as a fully-virtualized client under Xen or\nVMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated\nkernel which addresses these vulnerabilities and fixes these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-December/000840.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2007/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2008-0973\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.4\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-BOOT-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-doc-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-doc-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-doc-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-doc-2.4.21-58.0.0.0.1.EL\")) 
flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-hugemem-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-hugemem-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-smp-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-smp-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-source-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-source-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-source-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-source-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:46:14", "description": "This update of the SUSE Linux Enterprise 10 Service Pack 1 kernel contains lots of bugfixes and several security fixes :\n\n - Added missing capability checks in sbni_ioctl().\n (CVE-2008-3525)\n\n - On AMD64 some string operations could leak kernel information into userspace. (CVE-2008-0598)\n\n - Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. (CVE-2008-1673)\n\n - Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel.\n (CVE-2008-3272)\n\n - Fixed a memory leak when looking up deleted directories which could be used to run the system out of memory.\n (CVE-2008-3275)\n\n - The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. (CVE-2008-2931)\n\n - Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. 
We think that this affects only devices openable by root, so the impact is limited.\n (CVE-2008-2812)", "cvss3": {}, "published": "2008-10-02T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : the Linux Kernel (x86) (ZYPP Patch Number 5566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0598", "CVE-2008-1673", "CVE-2008-2812", "CVE-2008-2931", "CVE-2008-3272", "CVE-2008-3275", "CVE-2008-3525"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-5566.NASL", "href": "https://www.tenable.com/plugins/nessus/34331", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34331);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0598\", \"CVE-2008-1673\", \"CVE-2008-2812\", \"CVE-2008-2931\", \"CVE-2008-3272\", \"CVE-2008-3275\", \"CVE-2008-3525\");\n\n script_name(english:\"SuSE 10 Security Update : the Linux Kernel (x86) (ZYPP Patch Number 5566)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the SUSE Linux Enterprise 10 Service Pack 1 kernel\ncontains lots of bugfixes and several security fixes :\n\n - Added missing capability checks in sbni_ioctl().\n (CVE-2008-3525)\n\n - On AMD64 some string operations could leak kernel\n information into userspace. (CVE-2008-0598)\n\n - Added range checking in ASN.1 handling for the CIFS and\n SNMP NAT netfilter modules. 
(CVE-2008-1673)\n\n - Fixed range checking in the snd_seq OSS ioctl, which\n could be used to leak information from the kernel.\n (CVE-2008-3272)\n\n - Fixed a memory leak when looking up deleted directories\n which could be used to run the system out of memory.\n (CVE-2008-3275)\n\n - The do_change_type function in fs/namespace.c did not\n verify that the caller has the CAP_SYS_ADMIN capability,\n which allows local users to gain privileges or cause a\n denial of service by modifying the properties of a\n mountpoint. (CVE-2008-2931)\n\n - Various NULL ptr checks have been added to tty op\n functions, which might have been used by local attackers\n to execute code. We think that this affects only devices\n openable by root, so the impact is limited.\n (CVE-2008-2812)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0598.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1673.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2812.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2931.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3272.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3525.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5566.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-smp-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.54-0.2.10\")) 
flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-debug-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-smp-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.16.54-0.2.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.54-0.2.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:43:07", "description": "This update of the SUSE Linux Enterprise 10 Service Pack 1 kernel contains lots of bugfixes and several security fixes :\n\n - Added missing capability checks in sbni_ioctl().\n (CVE-2008-3525)\n\n - On AMD64 some string operations could leak kernel information into userspace. (CVE-2008-0598)\n\n - Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. 
(CVE-2008-1673)\n\n - Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel.\n (CVE-2008-3272)\n\n - Fixed a memory leak when looking up deleted directories which could be used to run the system out of memory.\n (CVE-2008-3275)\n\n - The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. (CVE-2008-2931)\n\n - Various NULL ptr checks have been added to the tty ops functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited.\n (CVE-2008-2812)", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5608)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0598", "CVE-2008-1673", "CVE-2008-2812", "CVE-2008-2931", "CVE-2008-3272", "CVE-2008-3275", "CVE-2008-3525"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-5608.NASL", "href": "https://www.tenable.com/plugins/nessus/59131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59131);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0598\", \"CVE-2008-1673\", \"CVE-2008-2812\", \"CVE-2008-2931\", \"CVE-2008-3272\", \"CVE-2008-3275\", \"CVE-2008-3525\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5608)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the SUSE Linux Enterprise 10 Service Pack 1 kernel\ncontains lots of bugfixes and several security fixes :\n\n - Added missing capability checks in sbni_ioctl().\n (CVE-2008-3525)\n\n - On AMD64 some string operations could leak kernel\n information into userspace. (CVE-2008-0598)\n\n - Added range checking in ASN.1 handling for the CIFS and\n SNMP NAT netfilter modules. (CVE-2008-1673)\n\n - Fixed range checking in the snd_seq OSS ioctl, which\n could be used to leak information from the kernel.\n (CVE-2008-3272)\n\n - Fixed a memory leak when looking up deleted directories\n which could be used to run the system out of memory.\n (CVE-2008-3275)\n\n - The do_change_type function in fs/namespace.c did not\n verify that the caller has the CAP_SYS_ADMIN capability,\n which allows local users to gain privileges or cause a\n denial of service by modifying the properties of a\n mountpoint. (CVE-2008-2931)\n\n - Various NULL ptr checks have been added to the tty ops\n functions, which might have been used by local attackers\n to execute code. 
We think that this affects only devices\n openable by root, so the impact is limited.\n (CVE-2008-2812)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0598.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1673.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2812.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2931.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3272.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3525.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5608.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.54-0.2.11\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.54-0.2.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:19:27", "description": "This update addresses the following security issues :\n\n - Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.\n (CVE-2008-0598, Important)\n\n - a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n - missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important)\n\n - the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important)\n\n - a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service.\n (CVE-2007-6063, Moderate)\n\n - multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n - a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n - the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. 
As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.\n\n - mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.\n\n - lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware®.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL3.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20081216_KERNEL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60507", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60507);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm 
output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following security issues :\n\n - Tavis Ormandy discovered a deficiency in the Linux\n kernel 32-bit and 64-bit emulation. This could allow a\n local, unprivileged user to prepare and run a specially\n crafted binary which would use this deficiency to leak\n uninitialized and potentially sensitive data.\n (CVE-2008-0598, Important)\n\n - a possible kernel memory leak was found in the Linux\n kernel Simple Internet Transition (SIT) INET6\n implementation. This could allow a local, unprivileged\n user to cause a denial of service. (CVE-2008-2136,\n Important)\n\n - missing capability checks were found in the SBNI WAN\n driver which could allow a local user to bypass intended\n capability restrictions. (CVE-2008-3525, Important)\n\n - the do_truncate() and generic_file_splice_write()\n functions did not clear the setuid and setgid bits. This\n could allow a local, unprivileged user to obtain access\n to privileged information. (CVE-2008-4210, Important)\n\n - a buffer overflow flaw was found in Integrated Services\n Digital Network (ISDN) subsystem. A local, unprivileged\n user could use this flaw to cause a denial of service.\n (CVE-2007-6063, Moderate)\n\n - multiple NULL pointer dereferences were found in various\n Linux kernel network drivers. These drivers were missing\n checks for terminal validity, which could allow\n privilege escalation. (CVE-2008-2812, Moderate)\n\n - a deficiency was found in the Linux kernel virtual\n filesystem (VFS) implementation. This could allow a\n local, unprivileged user to attempt file creation within\n deleted directories, possibly causing a denial of\n service. 
(CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n - the incorrect kunmap function was used in\n nfs_xdr_readlinkres. kunmap() was used where\n kunmap_atomic() should have been. As a consequence, if\n an NFSv2 or NFSv3 server exported a volume containing a\n symlink which included a path equal to or longer than\n the local system's PATH_MAX, accessing the link caused a\n kernel oops. This has been corrected in this update.\n\n - mptctl_gettargetinfo did not check if pIoc3 was NULL\n before using it as a pointer. This caused a kernel panic\n in mptctl_gettargetinfo in some circumstances. A check\n has been added which prevents this.\n\n - lost tick compensation code in the timer interrupt\n routine triggered without apparent cause. When running\n as a fully-virtualized client, this spurious triggering\n caused the 64-bit version of Red Hat Enterprise Linux 3\n to present highly inaccurate times. With this update the\n lost tick compensation code is turned off when the\n operating system is running as a fully-virtualized\n client under Xen or VMware®.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0812&L=scientific-linux-errata&T=0&P=1505\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6f8ef2e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/20\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"kernel-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-doc-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", 
reference:\"kernel-source-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-unsupported-2.4.21-58.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T14:39:08", "description": "Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux kernel network drivers. 
These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. 
With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.", "cvss3": {}, "published": "2008-12-17T00:00:00", "type": "nessus", "title": "CentOS 3 : kernel (CESA-2008:0973)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-unsupported", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-unsupported", "p-cpe:/a:centos:centos:kernel-source", "p-cpe:/a:centos:centos:kernel-unsupported", "cpe:/o:centos:centos:3", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-boot"], "id": "CENTOS_RHSA-2008-0973.NASL", "href": "https://www.tenable.com/plugins/nessus/35186", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0973 and \n# CentOS Errata and Security Advisory 2008:0973 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35186);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n script_bugtraq_id(26605, 29235, 29942, 30076, 30647, 31368);\n script_xref(name:\"RHSA\", value:\"2008:0973\");\n\n script_name(english:\"CentOS 3 : kernel (CESA-2008:0973)\");\n script_summary(english:\"Checks rpm output for the 
updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\n64-bit emulation. This could allow a local, unprivileged user to\nprepare and run a specially crafted binary which would use this\ndeficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2008-2136,\nImportant)\n\n* missing capability checks were found in the SBNI WAN driver which\ncould allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not\nclear the setuid and setgid bits. This could allow a local,\nunprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use this\nflaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux\nkernel network drivers. These drivers were missing checks for terminal\nvalidity, which could allow privilege escalation. 
(CVE-2008-2812,\nModerate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS)\nimplementation. This could allow a local, unprivileged user to attempt\nfile creation within deleted directories, possibly causing a denial of\nservice. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a\nconsequence, if an NFSv2 or NFSv3 server exported a volume containing\na symlink which included a path equal to or longer than the local\nsystem's PATH_MAX, accessing the link caused a kernel oops. This has\nbeen corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it\nas a pointer. This caused a kernel panic in mptctl_gettargetinfo in\nsome circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered\nwithout apparent cause. When running as a fully-virtualized client,\nthis spurious triggering caused the 64-bit version of Red Hat\nEnterprise Linux 3 to present highly inaccurate times. 
With this\nupdate the lost tick compensation code is turned off when the\noperating system is running as a fully-virtualized client under Xen or\nVMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated\nkernel which addresses these vulnerabilities and fixes these bugs.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-December/015501.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d254e94\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-December/015502.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e5400ed\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-February/015578.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20f73922\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-doc-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-source-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-unsupported-2.4.21-58.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:46:49", "description": "Updated kernel packages that resolve several security issues and 
fix various bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in the Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. 
(CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.", "cvss3": {}, "published": "2008-12-17T00:00:00", "type": "nessus", "title": "RHEL 3 : kernel (RHSA-2008:0973)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-boot", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported", "p-cpe:/a:redhat:enterprise_linux:kernel-source", "p-cpe:/a:redhat:enterprise_linux:kernel-unsupported", 
"cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2008-0973.NASL", "href": "https://www.tenable.com/plugins/nessus/35190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0973. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35190);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n script_bugtraq_id(26605, 29235, 29942, 30076, 30647, 31368);\n script_xref(name:\"RHSA\", value:\"2008:0973\");\n\n script_name(english:\"RHEL 3 : kernel (RHSA-2008:0973)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\n64-bit emulation. 
This could allow a local, unprivileged user to\nprepare and run a specially crafted binary which would use this\ndeficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2008-2136,\nImportant)\n\n* missing capability checks were found in the SBNI WAN driver which\ncould allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not\nclear the setuid and setgid bits. This could allow a local,\nunprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use this\nflaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux\nkernel network drivers. These drivers were missing checks for terminal\nvalidity, which could allow privilege escalation. (CVE-2008-2812,\nModerate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS)\nimplementation. This could allow a local, unprivileged user to attempt\nfile creation within deleted directories, possibly causing a denial of\nservice. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a\nconsequence, if an NFSv2 or NFSv3 server exported a volume containing\na symlink which included a path equal to or longer than the local\nsystem's PATH_MAX, accessing the link caused a kernel oops. 
This has\nbeen corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it\nas a pointer. This caused a kernel panic in mptctl_gettargetinfo in\nsome circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered\nwithout apparent cause. When running as a fully-virtualized client,\nthis spurious triggering caused the 64-bit version of Red Hat\nEnterprise Linux 3 to present highly inaccurate times. With this\nupdate the lost tick compensation code is turned off when the\noperating system is running as a fully-virtualized client under Xen or\nVMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated\nkernel which addresses these vulnerabilities and fixes these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0973\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2008:0973\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0973\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : 
SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-doc-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-hugemem-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-hugemem-unsupported-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-source-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-unsupported-2.4.21-58.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:02:11", "description": "Update to kernel 2.6.29.5:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.5 Includes DRM modesetting bug fixes. 
Adds driver for VIA SD/MMC controllers and full support for the Nano processor in 64-bit mode.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-06-25T00:00:00", "type": "nessus", "title": "Fedora 11 : kernel-2.6.29.5-191.fc11 (2009-6768)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1385", "CVE-2009-1389"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-6768.NASL", "href": "https://www.tenable.com/plugins/nessus/39506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6768.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39506);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1385\", \"CVE-2009-1389\");\n script_bugtraq_id(35185, 35281);\n script_xref(name:\"FEDORA\", value:\"2009-6768\");\n\n script_name(english:\"Fedora 11 : kernel-2.6.29.5-191.fc11 (2009-6768)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to kernel 2.6.29.5:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.5\nIncludes DRM modesetting bug fixes. 
Adds driver for VIA SD/MMC\ncontrollers and full support for the Nano processor in 64-bit mode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42db42d7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=502981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=504726\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025475.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7497f8ec\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"kernel-2.6.29.5-191.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:38:20", "description": "Updated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-08-29T00:00:00", "type": "nessus", "title": "CentOS 4 : kernel (CESA-2010:0606)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2248", "CVE-2010-2521"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-devel", "p-cpe:/a:centos:centos:kernel-largesmp", "p-cpe:/a:centos:centos:kernel-largesmp-devel", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-devel", "p-cpe:/a:centos:centos:kernel-xenu", "p-cpe:/a:centos:centos:kernel-xenu-devel", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2010-0606.NASL", "href": "https://www.tenable.com/plugins/nessus/48909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0606 and \n# CentOS Errata and Security Advisory 2010:0606 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48909);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2248\", \"CVE-2010-2521\");\n script_bugtraq_id(42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0606\");\n\n script_name(english:\"CentOS 4 : kernel (CESA-2010:0606)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat 
Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)\nsubsystem in the Linux kernel had a reference counting bug. In certain\nsituations, some Network Lock Manager (NLM) messages may have\ntriggered this bug on NFSv2 and NFSv3 servers, leading to a kernel\npanic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to\n'/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016952.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6225dd7a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016953.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42d2b795\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", 
reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:24:07", "description": "From Red Hat Security Advisory 2010:0606 :\n\nUpdated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. 
An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : kernel (ELSA-2010-0606)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2248", "CVE-2010-2521"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-devel", "p-cpe:/a:oracle:linux:kernel-largesmp", "p-cpe:/a:oracle:linux:kernel-largesmp-devel", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-devel", "p-cpe:/a:oracle:linux:kernel-xenu", "p-cpe:/a:oracle:linux:kernel-xenu-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2010-0606.NASL", "href": "https://www.tenable.com/plugins/nessus/68079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0606 and \n# Oracle Linux Security Advisory ELSA-2010-0606 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(68079);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2010-2248\", \"CVE-2010-2521\");\n script_bugtraq_id(42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0606\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2010-0606)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0606 :\n\nUpdated kernel packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. 
(CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)\nsubsystem in the Linux kernel had a reference counting bug. In certain\nsituations, some Network Lock Manager (NLM) messages may have\ntriggered this bug on NFSv2 and NFSv3 servers, leading to a kernel\npanic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to\n'/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001586.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2010-2248\", \"CVE-2010-2521\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2010-0606\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-devel-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-doc-2.6.9\") && rpm_check(release:\"EL4\", reference:\"kernel-doc-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-hugemem-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", 
cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-largesmp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-smp-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL4\", rpm:\"kernel-xenU-devel-2.6.9\") && rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:43:24", "description": "This SUSE Linux Enterprise 10 SP3 kernel update contains several bug fixes and fixes for the following security issues :\n\n - the stack of a process could grow into other mapped areas, therefore overwriting memory instead of terminating the process. (CVE-2010-2240)\n\n - specially crafted requests could crash an NFSv4 server.\n (CVE-2010-2521)", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2240", "CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7137.NASL", "href": "https://www.tenable.com/plugins/nessus/59151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59151);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2240\", \"CVE-2010-2521\");\n\n script_name(english:\"SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7137)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This SUSE Linux Enterprise 10 SP3 kernel update contains several bug\nfixes and fixes for the following security issues 
:\n\n - the stack of a process could grow into other mapped\n areas, therefore overwriting memory instead of\n terminating the process. (CVE-2010-2240)\n\n - specially crafted requests could crash an NFSv4 server.\n (CVE-2010-2521)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2521.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7137.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif 
(rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:37:44", "description": "This SUSE Linux Enterprise 10 SP3 kernel update contains several bug fixes and fixes for the following security issues :\n\n - the stack of a process could grow into other mapped areas, therefore overwriting memory instead of terminating the process. 
(CVE-2010-2240)\n\n - specially crafted requests could crash an NFSv4 server.\n (CVE-2010-2521)", "cvss3": {}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7133)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2240", "CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7133.NASL", "href": "https://www.tenable.com/plugins/nessus/49873", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49873);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2240\", \"CVE-2010-2521\");\n\n script_name(english:\"SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7133)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This SUSE Linux Enterprise 10 SP3 kernel update contains several bug\nfixes and fixes for the following security issues :\n\n - the stack of a process could grow into other mapped\n areas, therefore overwriting memory instead of\n terminating the process. 
(CVE-2010-2240)\n\n - specially crafted requests could crash an NFSv4 server.\n (CVE-2010-2521)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2240.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2521.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7133.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.68.1\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity 
> 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:49:39", "description": "Updated kernel packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2010:0606)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2248", "CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu", "p-cpe:/a:redhat:enterprise_linux:kernel-xenu-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2010-0606.NASL", "href": "https://www.tenable.com/plugins/nessus/48257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0606. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48257);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2248\", \"CVE-2010-2521\");\n script_bugtraq_id(42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0606\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2010:0606)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. 
(CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)\nsubsystem in the Linux kernel had a reference counting bug. In certain\nsituations, some Network Lock Manager (NLM) messages may have\ntriggered this bug on NFSv2 and NFSv3 servers, leading to a kernel\npanic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to\n'/var/log/messages'). (BZ#612962)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0606\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-2248\", \"CVE-2010-2521\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2010:0606\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0606\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red 
Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / 
kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T16:20:09", "description": "This update fixes the following security issues :\n\n - a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n (CVE-2010-2248, Important)\n\n - buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution.\n (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n - the rpc_call_async() function in the SUN Remote Procedure Call (RPC) subsystem in the Linux kernel had a reference counting bug. In certain situations, some Network Lock Manager (NLM) messages may have triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!' logged to '/var/log/messages'). 
(BZ#612962)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2248", "CVE-2010-2521"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100805_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60831);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-2248\", \"CVE-2010-2521\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - a flaw was found in the CIFSSMBWrite() function in the\n Linux kernel Common Internet File System (CIFS)\n implementation. A remote attacker could send a specially\n crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service).\n (CVE-2010-2248, Important)\n\n - buffer overflow flaws were found in the Linux kernel's\n implementation of the server-side External Data\n Representation (XDR) for the Network File System (NFS)\n version 4. 
An attacker on the local network could send a\n specially crafted large compound request to the NFSv4\n server, which could possibly result in a kernel panic\n (denial of service) or, potentially, code execution.\n (CVE-2010-2521, Important)\n\nThis update also fixes the following bug :\n\n - the rpc_call_async() function in the SUN Remote\n Procedure Call (RPC) subsystem in the Linux kernel had a\n reference counting bug. In certain situations, some\n Network Lock Manager (NLM) messages may have triggered\n this bug on NFSv2 and NFSv3 servers, leading to a kernel\n panic (with 'kernel BUG at fs/lockd/host.c:[xxx]!'\n logged to '/var/log/messages'). (BZ#612962)\n\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612962\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=794\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73caa5af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-89.0.28.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-89.0.28.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:49:16", "description": "Update to linux kernel 2.6.27.25:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-06-25T00:00:00", "type": "nessus", "title": "Fedora 10 : kernel-2.6.27.25-170.2.72.fc10 (2009-6883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1385", "CVE-2009-1389"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-6883.NASL", "href": "https://www.tenable.com/plugins/nessus/39511", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6883.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39511);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1385\", \"CVE-2009-1389\");\n script_bugtraq_id(32676, 33113, 35185, 35281);\n script_xref(name:\"FEDORA\", value:\"2009-6883\");\n\n script_name(english:\"Fedora 10 : kernel-2.6.27.25-170.2.72.fc10 (2009-6883)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to linux kernel 
2.6.27.25:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4784762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=502981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=504726\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025429.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4eba0bdc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"kernel-2.6.27.25-170.2.72.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:02:11", "description": "Update to linux kernel 2.6.27.25:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-06-25T00:00:00", "type": "nessus", "title": "Fedora 9 : kernel-2.6.27.25-78.2.56.fc9 (2009-6846)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1385", "CVE-2009-1389"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-6846.NASL", "href": "https://www.tenable.com/plugins/nessus/39510", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-6846.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39510);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1385\", \"CVE-2009-1389\");\n script_bugtraq_id(29747, 31792, 32676, 33113, 35185, 35281);\n script_xref(name:\"FEDORA\", value:\"2009-6846\");\n\n script_name(english:\"Fedora 9 : kernel-2.6.27.25-78.2.56.fc9 (2009-6846)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to linux kernel 2.6.27.25:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4784762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=502981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=504726\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-June/025574.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37147158\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"kernel-2.6.27.25-78.2.56.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:45:38", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. 
The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-6282 Dirk Nehring discovered a vulnerability in the IPsec code that allows remote users to cause a denial of service by sending a specially crafted ESP packet.\n\n - CVE-2008-0598 Tavis Ormandy discovered a vulnerability that allows local users to access uninitialized kernel memory, possibly leaking sensitive data. This issue is specific to the amd64-flavour kernel images.\n\n - CVE-2008-2729 Andi Kleen discovered an issue where uninitialized kernel memory was being leaked to userspace during an exception. This issue may allow local users to gain access to sensitive data. Only the amd64-flavour Debian kernel images are affected.\n\n - CVE-2008-2812 Alan Cox discovered an issue in multiple tty drivers that allows local users to trigger a denial of service (NULL pointer dereference) and possibly obtain elevated privileges.\n\n - CVE-2008-2826 Gabriel Campana discovered an integer overflow in the sctp code that can be exploited by local users to cause a denial of service.\n\n - CVE-2008-2931 Miklos Szeredi reported a missing privilege check in the do_change_type() function. This allows local, unprivileged users to change the properties of mount points.\n\n - CVE-2008-3272 Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. 
This may allow local users to gain access to sensitive information.\n\n - CVE-2008-3275 Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.", "cvss3": {}, "published": "2008-08-24T00:00:00", "type": "nessus", "title": "Debian DSA-1630-1 : linux-2.6 - denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6282", "CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2812", "CVE-2008-2826", "CVE-2008-2931", "CVE-2008-3272", "CVE-2008-3275"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1630.NASL", "href": "https://www.tenable.com/plugins/nessus/34032", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1630. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34032);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6282\", \"CVE-2008-0598\", \"CVE-2008-2729\", \"CVE-2008-2812\", \"CVE-2008-2826\", \"CVE-2008-2931\", \"CVE-2008-3272\", \"CVE-2008-3275\");\n script_bugtraq_id(29081, 29942, 30076, 30126, 30559, 30647);\n script_xref(name:\"DSA\", value:\"1630\");\n\n script_name(english:\"Debian DSA-1630-1 : linux-2.6 - denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead 
to a denial of service or arbitrary code execution. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-6282\n Dirk Nehring discovered a vulnerability in the IPsec\n code that allows remote users to cause a denial of\n service by sending a specially crafted ESP packet.\n\n - CVE-2008-0598\n Tavis Ormandy discovered a vulnerability that allows\n local users to access uninitialized kernel memory,\n possibly leaking sensitive data. This issue is specific\n to the amd64-flavour kernel images.\n\n - CVE-2008-2729\n Andi Kleen discovered an issue where uninitialized\n kernel memory was being leaked to userspace during an\n exception. This issue may allow local users to gain\n access to sensitive data. Only the amd64-flavour Debian\n kernel images are affected.\n\n - CVE-2008-2812\n Alan Cox discovered an issue in multiple tty drivers\n that allows local users to trigger a denial of service\n (NULL pointer dereference) and possibly obtain elevated\n privileges.\n\n - CVE-2008-2826\n Gabriel Campana discovered an integer overflow in the\n sctp code that can be exploited by local users to cause\n a denial of service.\n\n - CVE-2008-2931\n Miklos Szeredi reported a missing privilege check in the\n do_change_type() function. This allows local,\n unprivileged users to change the properties of mount\n points.\n\n - CVE-2008-3272\n Tobias Klein reported a locally exploitable data leak in\n the snd_seq_oss_synth_make_info() function. 
This may\n allow local users to gain access to sensitive\n information.\n\n - CVE-2008-3275\n Zoltan Sogor discovered a coding error in the VFS that\n allows local users to exploit a kernel memory leak\n resulting in a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1630\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6, fai-kernels, and user-mode-linux packages.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-22etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 20, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"fai-kernels\", reference:\"1.17+etch.22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-doc-2.6.18\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-486\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-686-bigmem\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-alpha\", 
reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-arm\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-hppa\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-i386\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-ia64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-mips\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-mipsel\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-powerpc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-s390\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-sparc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-generic\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-legacy\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-footbridge\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-iop32x\", 
reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-itanium\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-ixp4xx\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-k7\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-mckinley\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc64-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc-miboot\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-prep\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-qemu\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r3k-kn02\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r4k-ip22\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif 
(deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r4k-kn04\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r5k-cobalt\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r5k-ip32\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-rpc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s390\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s390x\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s3c2410\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sb1-bcm91250a\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sb1a-bcm91480b\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc32\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc64-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-alpha\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", 
prefix:\"linux-headers-2.6.18-6-vserver-k7\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-powerpc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-powerpc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-s390x\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-sparc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-486\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-686-bigmem\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-generic\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-legacy\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", 
prefix:\"linux-image-2.6.18-6-alpha-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-footbridge\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-iop32x\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-itanium\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-ixp4xx\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-k7\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-mckinley\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc64-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc-miboot\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-prep\", reference:\"2.6.18.dfsg.1-22etch2\")) 
flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-qemu\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r3k-kn02\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r4k-ip22\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r4k-kn04\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r5k-cobalt\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r5k-ip32\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-rpc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390-tape\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390x\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s3c2410\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sb1-bcm91250a\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sb1a-bcm91480b\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc32\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc64-smp\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", 
prefix:\"linux-image-2.6.18-6-vserver-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-k7\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-powerpc\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-powerpc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-s390x\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-sparc64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-manual-2.6.18\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", 
prefix:\"linux-patch-debian-2.6.18\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-source-2.6.18\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-support-2.6.18-6\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-tree-2.6.18\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"user-mode-linux\", reference:\"2.6.18-1um-2etch.22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-22etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:57:37", "description": "The SUSE Linux Enterprise 11 kernel was updated to 2.6.27.48, fixing various bugs and security issues :\n\n - The do_gfs2_set_flags() function in fs/gfs2/file.c of the Linux kernel does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.\n (CVE-2010-1641)\n\n - The nfs_wait_on_request() function in fs/nfs/pagelist.c of the Linux kernel allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. 
(CVE-2010-1087)\n\n - When strict overcommit is enabled, mm/shmem.c does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.\n (CVE-2010-1643)\n\n - A race condition in the find_keyring_by_name() function in security/keys/keyring.c of the Linux kernel allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup() function. (CVE-2010-1437)\n\n - arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory.\n (CVE-2010-1446)\n\n - The release_one_tty() function in drivers/char/tty_io.c of the Linux kernel omits certain required calls to the put_pid() function, which has an unspecified impact and local attack vectors. (CVE-2010-1162)\n\n - The r8169 driver of the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. This vulnerability exists due to an incorrect fix for CVE-2009-1389.
(CVE-2009-4537)\n\nFor a list of non-security related fixes please refer to the kernel RPM changelog.", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2682 / 2687 / 2689)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1389", "CVE-2009-4537", "CVE-2010-1087", "CVE-2010-1162", "CVE-2010-1437", "CVE-2010-1446", "CVE-2010-1641", "CVE-2010-1643"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-vmi", "p-cpe:/a:novell:suse_linux:11:kernel-vmi-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KERNEL-100709.NASL", "href": "https://www.tenable.com/plugins/nessus/50922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50922);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1389\", \"CVE-2009-4537\", \"CVE-2010-1087\", \"CVE-2010-1162\", \"CVE-2010-1437\", \"CVE-2010-1446\", \"CVE-2010-1641\", \"CVE-2010-1643\");\n\n script_name(english:\"SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2682 / 2687 / 2689)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 kernel was updated to 2.6.27.48, fixing\nvarious bugs and security issues :\n\n - The do_gfs2_set_flags() function in fs/gfs2/file.c of\n the Linux kernel does not verify the ownership of a\n file, which allows local users to bypass intended access\n restrictions via a SETFLAGS ioctl request.\n (CVE-2010-1641)\n\n - The nfs_wait_on_request() function in fs/nfs/pagelist.c\n of the Linux kernel allows attackers to cause a denial\n of service (Oops) via unknown vectors related to\n truncating a file and an operation that is not\n interruptible. 
(CVE-2010-1087)\n\n - When strict overcommit is enabled, mm/shmem.c does not\n properly handle the export of shmemfs objects by knfsd,\n which allows attackers to cause a denial of service\n (NULL pointer dereference and knfsd crash) or possibly\n have unspecified other impact via unknown vectors.\n (CVE-2010-1643)\n\n - A race condition in the find_keyring_by_name() function\n in security/keys/keyring.c of the Linux kernel allows\n local users to cause a denial of service (memory\n corruption and system crash) or possibly have\n unspecified other impact via keyctl session commands\n that trigger access to a dead keyring that is undergoing\n deletion by the key_cleanup() function. (CVE-2010-1437)\n\n - arch/1/mm/fsl_booke_mmu.c in KGDB in the Linux kernel,\n when running on PowerPC, does not properly perform a\n security check for access to a kernel page, which allows\n local users to overwrite arbitrary kernel memory.\n (CVE-2010-1446)\n\n - The release_one_tty() function in drivers/char/tty_io.c\n of the Linux kernel omits certain required calls to the\n put_pid() function, which has an unspecified impact and\n local attack vectors. (CVE-2010-1162)\n\n - The r8169 driver of the Linux kernel does not properly\n check the size of an Ethernet frame that exceeds the\n MTU, which allows remote attackers to cause a denial of\n service (temporary network outage) via a packet with a\n crafted size, in conjunction with certain packets\n containing A characters and certain packets containing E\n characters; or cause a denial of service (system crash)\n via a packet with a crafted size, in conjunction with\n certain packets containing '0' characters, related to\n the value of the status register and erroneous behavior\n associated with the RxMaxSize register. This\n vulnerability exists due to an incorrect fix for\n CVE-2009-1389. 
(CVE-2009-4537)\n\nFor a list of non-security related fixes please refer to the kernel\nRPM changelog.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=465707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=543480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=559111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=567376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=574006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=583677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=584216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=590415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=591371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=591556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=593881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596462\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=597337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=599213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=599955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=600774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=602969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=604183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=608366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=608576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=608933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=610296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1389.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2010-1162.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1437.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1641.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1643.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2682 / 2687 / 2689 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-default-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-default-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-default-extra-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-extra-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-source-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-syms-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-2.6.27.48-0.1.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-extra-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-default-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-default-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-default-extra-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-source-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-syms-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-extra-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"ext4dev-kmp-default-0_2.6.27.48_0.1-7.1.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"kernel-default-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"kernel-default-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"kernel-source-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"kernel-syms-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.27.48_0.1-7.1.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"ext4dev-kmp-vmi-0_2.6.27.48_0.1-7.1.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"ext4dev-kmp-xen-0_2.6.27.48_0.1-7.1.33\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-vmi-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-vmi-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-base-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"kernel-default-man-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.27.48_0.1-7.1.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-2.6.27.48-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.27.48-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2016-09-04T12:03:38", "description": "This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel. Following security issues were fixed: CVE-2010-2521: A crafted NFS write request might have caused a buffer overwrite, potentially causing a kernel crash. CVE-2008-0598: The x86_64 copy_to_user implementation might have leaked kernel memory depending on specific user buffer setups. 
CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux kernel did not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. CVE-2010-1188: Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 when IPV6_RECVPKTINFO is set on a listening socket, allowed remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed. CVE-2008-3275: The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel did not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allowed local users to cause a denial of service (\"overflow\" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. CVE-2007-6733: The nfs_lock function in fs/nfs/file.c in the Linux kernel did not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727. 
CVE-2007-6206: The do_coredump function in fs/exec.c in Linux kernel did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might have allowed local users to obtain sensitive information. CVE-2010-1088: fs/namei.c in the Linux kernel did not always follow NFS automount \"symlinks,\" which allowed attackers to have an unknown impact, related to LOOKUP_FOLLOW. CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allowed remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. CVE-2010-1083: The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel did not clear the transfer buffer before returning to userspace when a USB command fails, which might have made it easier for physically proximate attackers to obtain sensitive information (kernel memory).\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2010-09-01T13:59:34", "type": "suse", "title": "remote denial of service in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-4537", "CVE-2010-2521", "CVE-2008-0598", "CVE-2010-0727", "CVE-2007-6733", "CVE-2009-4020", "CVE-2010-1083", "CVE-2007-6206", "CVE-2010-1188", "CVE-2009-1389", "CVE-2008-3275", "CVE-2010-1088"], "modified": "2010-09-01T13:59:34", "id": "SUSE-SA:2010:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00001.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:40:04", "description": "This update fixes several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. 
The bugs fixed include a serious data corruption regression in NFSv4 introduced by the previous update.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2010-05-06T16:28:01", "type": "suse", "title": "remote denial of service in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-4537", "CVE-2010-0410", "CVE-2009-4020", "CVE-2010-1083", "CVE-2010-1086", "CVE-2010-1088"], "modified": "2010-05-06T16:28:01", "id": "SUSE-SA:2010:023", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00000.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:35:14", "description": "This update fixes lots of bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2010-03-30T11:45:05", "type": "suse", "title": "remote denial of service in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-3556", "CVE-2010-0410", "CVE-2009-4020", "CVE-2010-1083", "CVE-2010-1086", "CVE-2010-1088"], "modified": "2010-03-30T11:45:05", "id": "SUSE-SA:2010:019", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:06:22", "description": "This kernel security update for SUSE Linux Enterprise 10 Service Pack 2 fixes lots of bugs and some security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2008-10-01T17:25:47", "type": "suse", "title": "remote denial of service in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3275", "CVE-2008-1673"], "modified": "2008-10-01T17:25:47", "id": "SUSE-SA:2008:048", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:06", "description": "The SUSE Linux Enterprise 10 Service Pack 1 kernel was updated to fix lots of bugs and also contains several security fixes: CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-0598: On AMD64 some string operations could leak kernel information into userspace. CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. CVE-2008-3275: Fixed a memory leak when looking up deleted directories which could be used to run the system out of memory. CVE-2008-2931: The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. CVE-2008-2812: Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. For more information consult the RPM changelog. 
2) Solution or Work-Around\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2008-10-02T11:55:46", "type": "suse", "title": "remote denial of service in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3525", "CVE-2008-2931", "CVE-2008-3275", "CVE-2008-2812", "CVE-2008-1673"], "modified": "2008-10-02T11:55:46", "id": "SUSE-SA:2008:049", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:26", "description": "This SUSE Linux Enterprise 10 SP3 kernel update contains several bug fixes and fixes for the following security issues: CVE-2010-2240: the stack of a process could grow into other mapped areas, therefore overwriting memory instead of terminating the process. CVE-2010-2521: specially crafted requests could crash an NFSv4 server\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2010-09-03T15:00:05", "type": "suse", "title": "local privilege escalation in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2010-2521", "CVE-2010-2240"], "modified": "2010-09-03T15:00:05", "id": "SUSE-SA:2010:038", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00002.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:07:54", "description": "This kernel update fixes the following critical security problem:\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2008-02-12T13:43:48", "type": "suse", "title": "local privilege escalation in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-6151", "CVE-2007-6206", "CVE-2008-0600"], "modified": 
"2008-02-12T13:43:48", "id": "SUSE-SA:2008:007", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-20T13:18:36", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2010-09-10T00:00:00", "type": "openvas", "title": "SuSE Update for kernel SUSE-SA:2010:036", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4537", "CVE-2010-2521", "CVE-2008-0598", "CVE-2010-0727", "CVE-2007-6733", "CVE-2009-4020", "CVE-2010-1083", "CVE-2007-6206", "CVE-2010-1188", "CVE-2009-1389", "CVE-2008-3275", "CVE-2010-1088"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:850140", "href": "http://plugins.openvas.org/nasl.php?oid=850140", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for kernel SUSE-SA:2010:036\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes various security issues and some bugs in the SUSE Linux\n Enterprise 9 kernel.\n\n Following security issues were fixed:\n CVE-2010-2521: A crafted NFS write request might have caused a buffer overwrite,\n potentially causing a kernel crash.\n\n CVE-2008-0598: The x86_64 copy_to_user implementation might have leaked kernel\n memory depending on specific user buffer setups.\n\n CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux kernel\n did not properly check the size of an Ethernet frame that exceeds the MTU,\n which allows remote attackers to (1) cause a denial of service (temporary\n network outage) via a packet with a crafted size, in conjunction with\n certain packets containing A characters and certain packets containing E\n characters; or (2) cause a denial of service (system crash) via a packet\n with a crafted size, in conjunction with certain packets containing '\\0'\n characters, related to the value of the status register and erroneous\n behavior associated with the RxMaxSize register. 
NOTE: this vulnerability\n exists because of an incorrect fix for CVE-2009-1389.\n\n CVE-2010-1188: Use-after-free vulnerability in net/ipv4/tcp_input.c in\n the Linux kernel 2.6 when IPV6_RECVPKTINFO is set on a listening socket,\n allowed remote attackers to cause a denial of service (kernel panic)\n via a SYN packet while the socket is in a listening (TCP_LISTEN) state,\n which is not properly handled causes the skb structure to be freed.\n\n CVE-2008-3275: The (1) real_lookup and (2) __lookup_hash functions\n in fs/namei.c in the vfs implementation in the Linux kernel did not\n prevent creation of a child dentry for a deleted (aka S_DEAD) directory,\n which allowed local users to cause a denial of service (&quot;overflow&quot; of\n the UBIFS orphan area) via a series of attempted file creations within\n deleted directories.\n\n CVE-2007-6733: The nfs_lock function in fs/nfs/file.c in the Linux kernel\n did not properly remove POSIX locks on files that are setgid without\n group-execute permission, which allows local users to cause a denial of\n service (BUG and system crash) by locking a file on an NFS filesystem and\n then changing this files permissions, a related issue to CVE-2010-0727.\n\n CVE-2007-6206: The do_coredump function in fs/exec.c in Linux kernel\n did not change the UID of a core dump file if it exists before a root\n process creates a core dump in the same location, which might have allowed\n local users to obtain sensitive information.\n\n CVE-2010-1088: fs/namei.c in the Linux kernel did not always follow NFS\n automount &quot;sy ...\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"kernel on SUSE SLES 9\";\n\n\nif(description)\n{\n script_id(850140);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-036\");\n script_cve_id(\"CVE-2007-6206\", \"CVE-2007-6733\", \"CVE-2008-0598\", \"CVE-2008-3275\", \"CVE-2009-1389\", \"CVE-2009-4020\", \"CVE-2009-4537\", \"CVE-2010-0727\", \"CVE-2010-1083\", \"CVE-2010-1088\", \"CVE-2010-1188\", \"CVE-2010-2521\");\n script_name(\"SuSE Update for kernel SUSE-SA:2010:036\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES9.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", 
rpm:\"kernel-syms~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.5~7.323\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp\", rpm:\"xen-kmp~3.0.4_2.6.5_7.323~0.2\", rls:\"SLES9.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:39", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-bigsmp\n kernel-debug\n kernel-default\n kernel-kdump\n kernel-smp\n kernel-source\n kernel-syms\n kernel-vmi\n kernel-vmipae\n kernel-xen\n kernel-xenpae\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Linux Kernel (x86)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3275", "CVE-2008-1673"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065920", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065920", "sourceData": "#\n#VID slesp2-kernel-5565\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Linux Kernel (x86)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-bigsmp\n kernel-debug\n kernel-default\n kernel-kdump\n kernel-smp\n kernel-source\n kernel-syms\n kernel-vmi\n kernel-vmipae\n kernel-xen\n kernel-xenpae\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65920\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-0598\", \"CVE-2008-1673\", \"CVE-2008-3272\", \"CVE-2008-3275\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Linux Kernel (x86)\");\n\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.16.60~0.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif