8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
8.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
0.022 Low
EPSS
Percentile
89.4%
The remote host is missing an update for the
# Copyright (C) 2018 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.852091");
script_version("2023-11-03T16:10:08+0000");
script_cve_id("CVE-2018-10902", "CVE-2018-10938", "CVE-2018-10940", "CVE-2018-1128", "CVE-2018-1129", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14613", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-15572", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-9363");
script_tag(name:"cvss_base", value:"8.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:C");
script_tag(name:"last_modification", value:"2023-11-03 16:10:08 +0000 (Fri, 03 Nov 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-01-19 16:01:00 +0000 (Thu, 19 Jan 2023)");
script_tag(name:"creation_date", value:"2018-10-26 06:46:29 +0200 (Fri, 26 Oct 2018)");
script_name("openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3071-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.0");
script_xref(name:"openSUSE-SU", value:"2018:3071-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00020.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
package(s) announced via the openSUSE-SU-2018:3071-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The openSUSE Leap 15.0 kernel was updated
to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-14633: A security flaw was found in the
chap_server_compute_md5() function in the ISCSI target code in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target
to be enabled on the victim host. Depending on how the target's code was
built (i.e. depending on a compiler, compile flags and hardware
architecture) an attack may lead to a system crash and thus to a
denial-of-service or possibly to a non-authorized access to data
exported by an iSCSI target. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we believe it is highly
unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be
vulnerable (bnc#1107829).
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bnc#1108399).
- CVE-2018-14617: There is a NULL pointer dereference and panic in
hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
purportedly a hard link) in an hfs+ filesystem that has malformed
catalog data, and is mounted read-only without a metadata directory
(bnc#1102870).
- CVE-2018-14613: There is an invalid pointer dereference in
io_ctl_map_page() when mounting and operating a crafted btrfs image,
because of a lack of block group item validation in check_leaf_item in
fs/btrfs/tree-checker.c (bnc#1102896).
- CVE-2018-10940: The cdrom_ioctl_media_changed function in
drivers/cdrom/cdrom.c allowed local attackers to use an incorrect bounds
check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel
memory (bnc#1092903).
- CVE-2018-13093: There is a NULL pointer dereference and panic in
lookup_slow() on a NULL inode- i_ops pointer when doing pathwalks on a
corrupted xfs image. This occurs because of a lack of proper validation
that cached inodes are free during allocation (bnc#1100001).
- CVE-2018-13094: An OOPS may occur for a corrupted xfs image after
xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).
- CVE-2018-13095: A denial of service (memory corruption and BUG) can
occur for a corrupted xfs image upon encountering an inode that is in
extent format, but has more ...
Description truncated, please see the referenced URL(s) for more information.");
script_tag(name:"affected", value:"the on openSUSE Leap 15.0.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.0") {
if(!isnull(res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-base", rpm:"kernel-debug-base~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-base-debuginfo", rpm:"kernel-debug-base-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-debugsource", rpm:"kernel-debug-debugsource~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-devel-debuginfo", rpm:"kernel-debug-devel-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base-debuginfo", rpm:"kernel-default-base-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debuginfo", rpm:"kernel-default-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debugsource", rpm:"kernel-default-debugsource~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel-debuginfo", rpm:"kernel-default-devel-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-kvmsmall", rpm:"kernel-kvmsmall~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-kvmsmall-base", rpm:"kernel-kvmsmall-base~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-kvmsmall-base-debuginfo", rpm:"kernel-kvmsmall-base-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-kvmsmall-debuginfo", rpm:"kernel-kvmsmall-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-kvmsmall-debugsource", rpm:"kernel-kvmsmall-debugsource~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-kvmsmall-devel", rpm:"kernel-kvmsmall-devel~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-kvmsmall-devel-debuginfo", rpm:"kernel-kvmsmall-devel-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-obs-build", rpm:"kernel-obs-build~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-obs-build-debugsource", rpm:"kernel-obs-build-debugsource~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-obs-qa", rpm:"kernel-obs-qa~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~4.12.14~lp150.12.19.1", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla", rpm:"kernel-vanilla~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-base", rpm:"kernel-vanilla-base~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-base-debuginfo", rpm:"kernel-vanilla-base-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-debuginfo", rpm:"kernel-vanilla-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-debugsource", rpm:"kernel-vanilla-debugsource~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-devel", rpm:"kernel-vanilla-devel~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-devel-debuginfo", rpm:"kernel-vanilla-devel-debuginfo~4.12.14~lp150.12.19.2", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~4.12.14~lp150.12.19.1", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-docs", rpm:"kernel-docs~4.12.14~lp150.12.19.3", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-docs-html", rpm:"kernel-docs-html~4.12.14~lp150.12.19.3", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-macros", rpm:"kernel-macros~4.12.14~lp150.12.19.1", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~4.12.14~lp150.12.19.1", rls:"openSUSELeap15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source-vanilla", rpm:"kernel-source-vanilla~4.12.14~lp150.12.19.1", rls:"openSUSELeap15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
8.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
0.022 Low
EPSS
Percentile
89.4%