DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310870454", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for Red Hat Enterprise Linux 5.7 kernel RHSA-2011:1065-01", "description": "The remote host is missing an update for the ", "published": "2011-07-22T00:00:00", "modified": "2018-11-16T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870454", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065", "2011:1065-01", "https://www.redhat.com/archives/rhsa-announce/2011-July/msg00025.html"], "cvelist": ["CVE-2011-1780", "CVE-2011-2689", "CVE-2011-2525"], "lastseen": "2019-05-29T18:40:02", "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2011:1065"]}, {"type": "cve", "idList": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2303-1:FAE10", "DEBIAN:DSA-2303-2:A9DDE", "DEBIAN:DSA-2310-1:3E5BE"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2011-1065.NASL", "DEBIAN_DSA-2303.NASL", "DEBIAN_DSA-2310.NASL", "ORACLELINUX_ELSA-2011-1189.NASL", "ORACLELINUX_ELSA-2011-2037.NASL", "ORACLEVM_OVMSA-2013-0039.NASL", "REDHAT-RHSA-2011-1065.NASL", "REDHAT-RHSA-2011-1090.NASL", "REDHAT-RHSA-2011-1163.NASL", "REDHAT-RHSA-2011-1189.NASL", "SL_20110823_KERNEL_ON_SL6_X.NASL", "SUSE_11_3_KERNEL-120104.NASL", "SUSE_KERNEL-7915.NASL", "SUSE_KERNEL-7918.NASL", "SUSE_SU-2013-1832-1.NASL", "UBUNTU_USN-1211-1.NASL", "UBUNTU_USN-1212-1.NASL", "UBUNTU_USN-1241-1.NASL", "UBUNTU_USN-1256-1.NASL", "UBUNTU_USN-1268-1.NASL", "UBUNTU_USN-1269-1.NASL", "UBUNTU_USN-1274-1.NASL", "UBUNTU_USN-1286-1.NASL", "VMWARE_VMSA-2012-0001.NASL", "VMWARE_VMSA-2012-0001_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103448", "OPENVAS:1361412562310103448", "OPENVAS:1361412562310122029", "OPENVAS:1361412562310122103", "OPENVAS:1361412562310122122", "OPENVAS:1361412562310840748", "OPENVAS:1361412562310840749", "OPENVAS:1361412562310840790", "OPENVAS:1361412562310840802", "OPENVAS:1361412562310840811", "OPENVAS:1361412562310840816", "OPENVAS:1361412562310840823", "OPENVAS:1361412562310840828", "OPENVAS:1361412562310850253", "OPENVAS:1361412562310870470", "OPENVAS:1361412562310870646", "OPENVAS:1361412562310880988", "OPENVAS:1361412562310881313", "OPENVAS:840748", "OPENVAS:840749", "OPENVAS:840790", "OPENVAS:840802", "OPENVAS:840811", "OPENVAS:840816", "OPENVAS:840823", "OPENVAS:840828", "OPENVAS:850253", "OPENVAS:870454", "OPENVAS:870470", "OPENVAS:870646", "OPENVAS:880988", "OPENVAS:881313"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0927", "ELSA-2011-1065", "ELSA-2011-1189", "ELSA-2011-2037"]}, {"type": "osv", "idList": ["OSV:DSA-2303-1", "OSV:DSA-2310-1"]}, {"type": "redhat", "idList": ["RHSA-2011:1065", "RHSA-2011:1090", "RHSA-2011:1163", "RHSA-2011:1189"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27006", "SECURITYVULNS:DOC:27054", "SECURITYVULNS:DOC:27375", "SECURITYVULNS:DOC:30403", "SECURITYVULNS:VULN:11922", "SECURITYVULNS:VULN:12057", "SECURITYVULNS:VULN:13641"]}, {"type": "seebug", "idList": ["SSV:20738", "SSV:20865"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0206-1"]}, {"type": "ubuntu", "idList": ["USN-1211-1", "USN-1212-1", "USN-1241-1", "USN-1256-1", "USN-1268-1", "USN-1269-1", "USN-1274-1", "USN-1286-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-1780", "UB:CVE-2011-2525", "UB:CVE-2011-2689"]}, {"type": "veracode", "idList": ["VERACODE:24694", "VERACODE:24695", "VERACODE:24797"]}, {"type": "vmware", "idList": ["VMSA-2012-0001", "VMSA-2012-0001.2"]}]}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2011:1065"]}, {"type": "cve", "idList": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2310-1:3E5BE"]}, {"type": "nessus", "idList": ["ORACLEVM_OVMSA-2013-0039.NASL", "UBUNTU_USN-1269-1.NASL", "UBUNTU_USN-1286-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870470", "OPENVAS:840811"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0927", "ELSA-2011-1065", "ELSA-2011-1189", "ELSA-2011-2037"]}, {"type": "redhat", "idList": ["RHSA-2011:1065", "RHSA-2011:1163", "RHSA-2011:1189"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27375"]}, {"type": "seebug", "idList": ["SSV:20865"]}, {"type": "ubuntu", "idList": ["USN-1241-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-1780"]}, {"type": "vmware", "idList": ["VMSA-2012-0001"]}]}, "exploitation": null, "vulnersScore": 0.7}, "pluginID": "1361412562310870454", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for Red Hat Enterprise Linux 5.7 kernel RHSA-2011:1065-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00025.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870454\");\n script_version(\"$Revision: 12382 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:51:56 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1065-01\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_name(\"RedHat Update for Red Hat Enterprise Linux 5.7 kernel RHSA-2011:1065-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Red Hat Enterprise Linux 5.7 kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"Red Hat Enterprise Linux 5.7 kernel on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw was found in the way the Xen hypervisor implementation handled\n instruction emulation during virtual machine exits. A malicious user-space\n process running in an SMP guest could trick the emulator into reading a\n different instruction than the one that caused the virtual machine to exit.\n An unprivileged guest user could trigger this flaw to crash the host. This\n only affects systems with both an AMD x86 processor and the AMD\n Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n * A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\n scheduler API implementation to be called on built-in qdisc structures. A\n local, unprivileged user could use this flaw to trigger a NULL pointer\n dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n\n * A flaw was found in the way space was allocated in the Linux kernel's\n Global File System 2 (GFS2) implementation. If the file system was almost\n full, and a local, unprivileged user made an fallocate() request, it could\n result in a denial of service. Note: Setting quotas to prevent users from\n using all available disk space would prevent exploitation of this flaw.\n (CVE-2011-2689, Moderate)\n\n These updated kernel packages include a number of bug fixes and\n enhancements. Space precludes documenting all of these changes in this\n advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for\n information about the most significant bug fixes and enhancements included\n in this update.\n\n All Red Hat Enterprise Linux 5 users are advised to install these updated\n packages, which correct these issues. The system must be rebooted for this\n update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Red Hat Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660012827, "score": 1659850087}, "_internal": {"score_hash": "183f3c6a22ff69a6d741e0e6d3cdc869"}}

{"nessus": [{"lastseen": "2023-01-11T14:34:03", "description": "Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about the most significant bug fixes and enhancements included in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ 5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-07-22T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1065)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1065.NASL", "href": "https://www.tenable.com/plugins/nessus/55645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1065. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55645);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_bugtraq_id(48610, 48641, 48677);\n script_xref(name:\"RHSA\", value:\"2011:1065\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1065)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, address\nseveral hundred bugs, and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux\nkernel's Global File System 2 (GFS2) implementation. If the file\nsystem was almost full, and a local, unprivileged user made an\nfallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space\nwould prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes\nfor information about the most significant bug fixes and enhancements\nincluded in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2689\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1065\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1065\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1065\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:57", "description": "Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about the most significant bug fixes and enhancements included in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ 5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2011:1065)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1065.NASL", "href": "https://www.tenable.com/plugins/nessus/56265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1065 and \n# CentOS Errata and Security Advisory 2011:1065 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56265);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_bugtraq_id(48610, 48641, 48677);\n script_xref(name:\"RHSA\", value:\"2011:1065\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:1065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, address\nseveral hundred bugs, and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux\nkernel's Global File System 2 (GFS2) implementation. If the file\nsystem was almost full, and a local, unprivileged user made an\nfallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space\nwould prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes\nfor information about the most significant bug fixes and enhancements\nincluded in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45fb7621\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce55b577\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000066.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0ccef8a\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80df715a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:08", "description": "Updated kernel packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update includes backported fixes for two security issues. These issues only affected users of Red Hat Enterprise Linux 5.6 Extended Update Support, as they have already been addressed for users of Red Hat Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\nThis update also fixes the following bugs :\n\n* A bug was found in the way the x86_emulate() function handled the IMUL instruction in the Xen hypervisor. On systems without support for hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug could cause fully-virtualized guests to crash or lead to silent memory corruption. In reported cases, this issue occurred when booting fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups enabled. (BZ#712884)\n\n* A bug in the way the ibmvscsi driver handled interrupts may have prevented automatic path recovery for multipath devices. This bug only affected 64-bit PowerPC systems. (BZ#720929)\n\n* The RHSA-2009:1243 update introduced a regression in the way file locking on NFS (Network File System) was handled. This caused applications to hang if they made a lock request on a file on an NFS version 2 or 3 file system that was mounted with the 'sec=krb5' option. With this update, the original behavior of using mixed RPC authentication flavors for NFS and locking requests has been restored.\n(BZ#722854)\n\nUsers should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1163)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-1163.NASL", "href": "https://www.tenable.com/plugins/nessus/63996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1163. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63996);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\");\n script_bugtraq_id(48610, 48641);\n script_xref(name:\"RHSA\", value:\"2011:1163\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 5.6 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for two security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.6 Extended\nUpdate Support, as they have already been addressed for users of Red\nHat Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\nThis update also fixes the following bugs :\n\n* A bug was found in the way the x86_emulate() function handled the\nIMUL instruction in the Xen hypervisor. On systems without support for\nhardware assisted paging (HAP), such as those running CPUs that do not\nhave support for (or those that have it disabled) Intel Extended Page\nTables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization\nIndexing (RVI), this bug could cause fully-virtualized guests to crash\nor lead to silent memory corruption. In reported cases, this issue\noccurred when booting fully-virtualized Red Hat Enterprise Linux 6.1\nguests with memory cgroups enabled. (BZ#712884)\n\n* A bug in the way the ibmvscsi driver handled interrupts may have\nprevented automatic path recovery for multipath devices. This bug only\naffected 64-bit PowerPC systems. (BZ#720929)\n\n* The RHSA-2009:1243 update introduced a regression in the way file\nlocking on NFS (Network File System) was handled. This caused\napplications to hang if they made a lock request on a file on an NFS\nversion 2 or 3 file system that was mounted with the 'sec=krb5'\noption. With this update, the original behavior of using mixed RPC\nauthentication flavors for NFS and locking requests has been restored.\n(BZ#722854)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2011-1065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2009-1243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-1163.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"kernel-doc-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.21.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:33", "description": "Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1274-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"], "modified": "2014-01-27T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1274-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56916", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1274-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56916);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/01/27 00:51:26 $\");\n\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_bugtraq_id(48538, 48641);\n script_xref(name:\"USN\", value:\"1274-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1274-1)\");\n script_summary(english:\"Checks dpkg output for updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6.32-420-dove package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/Ubuntu/release\") ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.32-420-dove\", pkgver:\"2.6.32-420.38\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:11", "description": "Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1269-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1269-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1269-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56943);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_bugtraq_id(48641);\n script_xref(name:\"USN\", value:\"1269-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1269-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1269-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1269-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-340-ec2\", pkgver:\"2.6.32-340.40\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:40:15", "description": "An updated rhev-hypervisor package that fixes one security issue and several bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found that allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576)\n\nRed Hat would like to thank Ryan Sweat for reporting CVE-2011-1576.\n\nThis updated package provides updated components that include fixes for security issues; however, these issues have no security impact for Red Hat Enterprise Virtualization Hypervisor. These fixes are for bash issue CVE-2008-5374; curl issue CVE-2011-2192; kernel issues CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1780, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-2525, and CVE-2011-2689; libvirt issue CVE-2011-2511; and rsync issue CVE-2007-6200.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug fixes from the KVM update RHBA-2011:1068 have been included in this update :\n\nhttps://rhn.redhat.com/errata/RHBA-2011-1068.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which resolves this issue and fixes the bugs noted in the Technical Notes.", "cvss3": {}, "published": "2014-11-17T00:00:00", "type": "nessus", "title": "RHEL 5 : rhev-hypervisor (RHSA-2011:1090)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.7, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6200", "CVE-2008-5374", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2492", "CVE-2011-2511", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1090.NASL", "href": "https://www.tenable.com/plugins/nessus/79279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1090. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79279);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1576\");\n script_xref(name:\"RHSA\", value:\"2011:1090\");\n\n script_name(english:\"RHEL 5 : rhev-hypervisor (RHSA-2011:1090)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor package that fixes one security issue and\nseveral bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found that allowed napi_reuse_skb() to be called on VLAN\n(virtual LAN) packets. An attacker on the local network could trigger\nthis flaw by sending specially crafted packets to a target system,\npossibly causing a denial of service. (CVE-2011-1576)\n\nRed Hat would like to thank Ryan Sweat for reporting CVE-2011-1576.\n\nThis updated package provides updated components that include fixes\nfor security issues; however, these issues have no security impact for\nRed Hat Enterprise Virtualization Hypervisor. These fixes are for bash\nissue CVE-2008-5374; curl issue CVE-2011-2192; kernel issues\nCVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044,\nCVE-2011-1182, CVE-2011-1573, CVE-2011-1593, CVE-2011-1745,\nCVE-2011-1746, CVE-2011-1776, CVE-2011-1780, CVE-2011-1936,\nCVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-2525, and\nCVE-2011-2689; libvirt issue CVE-2011-2511; and rsync issue\nCVE-2007-6200.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the\nbug fixes from the KVM update RHBA-2011:1068 have been included in\nthis update :\n\nhttps://rhn.redhat.com/errata/RHBA-2011-1068.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which resolves this issue and fixes\nthe bugs noted in the Technical Notes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1576\"\n );\n # https://docs.redhat.com/docs/en-US/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n # https://rhn.redhat.com/errata/RHBA-2011-1068.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2011:1068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1090\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1090\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-5.7-20110725.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor\");\n }\n}\n", "cvss": {"score": 5.7, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:38:23", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS : linux vulnerabilities (USN-1268-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3209"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1268-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56911", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1268-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56911);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n script_bugtraq_id(47852, 47853, 48641, 50311);\n script_xref(name:\"USN\", value:\"1268-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS : linux vulnerabilities (USN-1268-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ip_gre\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ipip\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock\nimplementation. A local unprivileged attacker could exploit this\ncausing a denial of service. (CVE-2011-3209).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1268-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1268-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-386\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-generic\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-lpia\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-lpiacompat\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-openvz\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-rt\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-server\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-virtual\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-xen\", pkgver:\"2.6.24-30.96\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:39", "description": "It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nThe performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)\n\nA flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : linux vulnerabilities (USN-1211-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1833", "CVE-2011-2492", "CVE-2011-2689", "CVE-2011-2699", "CVE-2011-2918", "CVE-2011-3637", "CVE-2011-4914"], "modified": "2019-10-16T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1211-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1211-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56256);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/16 10:34:22\");\n\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1493\", \"CVE-2011-1833\", \"CVE-2011-2492\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\", \"CVE-2011-3637\", \"CVE-2011-4914\");\n script_bugtraq_id(46567, 46935, 48441, 48677, 48802, 49152);\n script_xref(name:\"USN\", value:\"1211-1\");\n\n script_name(english:\"Ubuntu 11.04 : linux vulnerabilities (USN-1211-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the /proc filesystem did not correctly handle\npermission changes when programs executed. A local attacker could hold\nopen files to examine details about programs running with higher\nprivileges, potentially increasing the chances of exploiting\nadditional vulnerabilities. (CVE-2011-1020)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not\ncorrectly handle certain fields. If a system was running with Rose\nenabled, a remote attacker could send specially crafted traffic to\ngain root privileges. (CVE-2011-1493)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly\ninitialize structures. A local attacker could exploit this to read\nportions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nIt was discovered that GFS2 did not correctly check block sizes. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service. (CVE-2011-2689)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nThe performance counter subsystem did not correctly handle certain\ncounters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2918)\n\nA flaw was found in the Linux kernel's /proc/*/*map* interface. A\nlocal, unprivileged user could exploit this flaw to cause a denial of\nservice. (CVE-2011-3637)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP)\nlayer. A local user or a remote user on an X.25 network could exploit\nthese flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1211-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1020\", \"CVE-2011-1493\", \"CVE-2011-1833\", \"CVE-2011-2492\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\", \"CVE-2011-3637\", \"CVE-2011-4914\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1211-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-11-generic\", pkgver:\"2.6.38-11.50\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-11-generic-pae\", pkgver:\"2.6.38-11.50\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-11-server\", pkgver:\"2.6.38-11.50\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-11-versatile\", pkgver:\"2.6.38-11.50\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-11-virtual\", pkgver:\"2.6.38-11.50\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:39:55", "description": "Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-12-05T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4132", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1286-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1286-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57005);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n script_bugtraq_id(47321, 48538, 48641, 49141, 50366, 50370, 50663, 50750, 50751);\n script_xref(name:\"USN\", value:\"1286-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1286-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1286-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-386\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-generic\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-generic-pae\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-lpia\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-preempt\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-server\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-versatile\", pkgver:\"2.6.32-36.79\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-36-virtual\", pkgver:\"2.6.32-36.79\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:21", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2037 advisory.\n\n - The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. (CVE-2011-1020)\n\n - Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.\n (CVE-2011-1577)\n\n - The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. (CVE-2011-1585)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. (CVE-2011-2495)\n\n - The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. (CVE-2011-2525)\n\n - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638)\n\n - The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and updating a negative key into a fully instantiated key. (CVE-2011-4110)\n\n - Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field. (CVE-2011-4330)\n\n - The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. (CVE-2011-2707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2037)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-2182", "CVE-2011-2495", "CVE-2011-2525", "CVE-2011-2707", "CVE-2011-2909", "CVE-2011-3347", "CVE-2011-3638", "CVE-2011-4110", "CVE-2011-4330"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el6uekdebug"], "id": "ORACLELINUX_ELSA-2011-2037.NASL", "href": "https://www.tenable.com/plugins/nessus/68425", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2037.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68425);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1017\",\n \"CVE-2011-1020\",\n \"CVE-2011-1577\",\n \"CVE-2011-1585\",\n \"CVE-2011-2182\",\n \"CVE-2011-2495\",\n \"CVE-2011-2525\",\n \"CVE-2011-2707\",\n \"CVE-2011-2909\",\n \"CVE-2011-3347\",\n \"CVE-2011-3638\",\n \"CVE-2011-4110\",\n \"CVE-2011-4330\"\n );\n script_bugtraq_id(\n 46512,\n 46567,\n 47343,\n 47381,\n 48641,\n 48817,\n 49408,\n 49411,\n 50312,\n 50322,\n 50750,\n 50755\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2011-2037 advisory.\n\n - The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the\n /proc directory tree of a process after this process performs an exec of a setuid program, which allows\n local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write\n system calls. (CVE-2011-1020)\n\n - Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38\n and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have\n unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.\n (CVE-2011-1577)\n\n - The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly\n determine the associations between users and sessions, which allows local users to bypass CIFS share\n authentication by leveraging a mount of a share by a different user. (CVE-2011-1585)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io\n files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by\n discovering the length of another user's password. (CVE-2011-2495)\n\n - The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent\n tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local\n users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other\n impact via a crafted call. (CVE-2011-2525)\n\n - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases\n of extent splitting, which allows local users to cause a denial of service (system crash) via vectors\n involving ext4 umount and mount operations. (CVE-2011-3638)\n\n - The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to\n cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined\n key and updating a negative key into a fully instantiated key. (CVE-2011-4110)\n\n - Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows\n local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with\n a crafted len field. (CVE-2011-4330)\n\n - The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not\n validate user-space pointers, which allows local users to obtain sensitive information from kernel memory\n locations via a crafted PTRACE_SETXTREGS request. (CVE-2011-2707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-2037.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.3.1.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-300.3.1.el5uek', '2.6.32-300.3.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-2037');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-300.3.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-300.3.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.3.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.3.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-300.3.1.el5uek-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el5uek-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-300.3.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-300.3.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.3.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-300.3.1.el6uek-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el6uek-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.3.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:33:10", "description": "The openSUSE 11.3 kernel was updated to fix various bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.\n\nCVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the Linux kernels packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could have used this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n\nCVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-1576: The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\\0' character.\n\nCVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.\n\nCVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.\n\nCVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory.\n\nCVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel.\n\nCVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3880", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1770", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2525", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-4081", "CVE-2011-4604"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:preload-kmp-desktop", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_KERNEL-120104.NASL", "href": "https://www.tenable.com/plugins/nessus/75557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-5605.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75557);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3880\", \"CVE-2011-1478\", \"CVE-2011-1576\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-4081\", \"CVE-2011-4604\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)\");\n script_summary(english:\"Check for the kernel-5605 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.3 kernel was updated to fix various bugs and security\nissues.\n\nFollowing security issues have been fixed: CVE-2011-4604: If root does\nread() on a specific socket, it's possible to corrupt (kernel) memory\nover network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol\nis used.\n\nCVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the\nLinux kernels packet scheduler API implementation to be called on\nbuilt-in qdisc structures. A local, unprivileged user could have used\nthis flaw to trigger a NULL pointer dereference, resulting in a denial\nof service.\n\nCVE-2011-2699: Fernando Gont discovered that the IPv6 stack used\npredictable fragment identification numbers. A remote attacker could\nexploit this to exhaust network resources, leading to a denial of\nservice.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c\nin the Linux kernel did not properly audit INET_DIAG bytecode, which\nallowed local users to cause a denial of service (kernel infinite\nloop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\nmessage, as demonstrated by an INET_DIAG_BC_JMP instruction with a\nzero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-1576: The Generic Receive Offload (GRO) implementation in the\nLinux kernel allowed remote attackers to cause a denial of service via\ncrafted VLAN packets that are processed by the napi_reuse_skb\nfunction, leading to (1) a memory leak or (2) memory corruption, a\ndifferent vulnerability than CVE-2011-1478.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in\nnet/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have\nallowed local users to cause a denial of service or have unspecified\nother impact via a crafted write operation, related to string data\nthat lacks a terminating '\\0' character.\n\nCVE-2011-1770: Integer underflow in the dccp_parse_options function\n(net/dccp/options.c) in the Linux kernel allowed remote attackers to\ncause a denial of service via a Datagram Congestion Control Protocol\n(DCCP) packet with an invalid feature options length, which triggered\na buffer over-read.\n\nCVE-2011-2723: The skb_gro_header_slow function in\ninclude/linux/netdevice.h in the Linux kernel, when Generic Receive\nOffload (GRO) is enabled, reset certain fields in incorrect\nsituations, which allowed remote attackers to cause a denial of\nservice (system crash) via crafted network traffic.\n\nCVE-2011-2898: A kernel information leak in the AF_PACKET protocol was\nfixed which might have allowed local attackers to read kernel memory.\n\nCVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs\nfilesystems was fixed which could be used by local attackers to crash\nthe kernel.\n\nCVE-2011-4081: Using the crypto interface a local user could Oops the\nkernel by writing to a AF_ALG socket.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=700879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=710235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-extra-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-vanilla-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-syms-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-base-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-devel-2.6.34.10-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-default-1.1_k2.6.34.10_0.6-19.1.37\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-desktop-1.1_k2.6.34.10_0.6-19.1.37\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:26:51", "description": "Security issues :\n\n - Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. (CVE-2011-1898, Important)\n\n - Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially crafted request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n - Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n - Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n - Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n - Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n - Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2213, Moderate)\n\n - Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\n - Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n - Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\n - /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process.\n (CVE-2011-2495, Low)", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110823_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61118);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues :\n\n - Using PCI passthrough without interrupt remapping\n support allowed KVM guests to generate MSI interrupts\n and thus potentially inject traps. A privileged guest\n user could use this flaw to crash the host or possibly\n escalate their privileges on the host. The fix for this\n issue can prevent PCI passthrough working and guests\n starting. (CVE-2011-1898, Important)\n\n - Flaw in the client-side NLM implementation could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Integer underflow in the Bluetooth implementation could\n allow a remote attacker to cause a denial of service or\n escalate their privileges by sending a specially crafted\n request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n - Buffer overflows in the netlink-based wireless\n configuration interface implementation could allow a\n local user, who has the CAP_NET_ADMIN capability, to\n cause a denial of service or escalate their privileges\n on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n - Flaw in the way the maximum file offset was handled for\n ext4 file systems could allow a local, unprivileged user\n to cause a denial of service. (CVE-2011-2695, Important)\n\n - Flaw allowed napi_reuse_skb() to be called on VLAN\n packets. An attacker on the local network could use this\n flaw to send crafted packets to a target, possibly\n causing a denial of service. (CVE-2011-1576, Moderate)\n\n - Integer signedness error in next_pidmap() could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - Race condition in the memory merging support (KSM) could\n allow a local, unprivileged user to cause a denial of\n service. KSM is off by default, but on systems running\n VDSM, or on KVM hosts, it is likely turned on by the\n ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n - Flaw in inet_diag_bc_audit() could allow a local,\n unprivileged user to cause a denial of service.\n (CVE-2011-2213, Moderate)\n\n - Flaw in the way space was allocated in the Global File\n System 2 (GFS2) implementation. If the file system was\n almost full, and a local, unprivileged user made an\n fallocate() request, it could result in a denial of\n service. Setting quotas to prevent users from using all\n available disk space would prevent exploitation of this\n flaw. (CVE-2011-2689, Moderate)\n\n - Local, unprivileged users could send signals via the\n sigqueueinfo system call, with si_code set to SI_TKILL\n and with spoofed process and user IDs, to other\n processes. This flaw does not allow existing permission\n checks to be bypassed; signals can only be sent if your\n privileges allow you to already do so. (CVE-2011-1182,\n Low)\n\n - Heap overflow in the EFI GUID Partition Table (GPT)\n implementation could allow a local attacker to cause a\n denial of service by mounting a disk containing crafted\n partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth\n implementation was not initialized properly before being\n copied to user-space, possibly allowing local,\n unprivileged users to leak kernel stack memory to\n user-space. (CVE-2011-2492, Low)\n\n - /proc/[PID]/io is world-readable by default. Previously,\n these files could be read without any further\n restrictions. A local, unprivileged user could read\n these files, belonging to other, possibly privileged\n processes to gather confidential information, such as\n the length of a password used in a process.\n (CVE-2011-2495, Low)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3053\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0e0261b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:52", "description": "Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSecurity issues :\n\n* Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially crafted request to a target system via Bluetooth. (CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.\n(CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service.\n(CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491;\nDan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-08-24T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:1189)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/55964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1189. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55964);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_bugtraq_id(47003, 47497, 47796, 48333, 48441, 48472, 48515, 48538, 48677, 48697, 48907, 49141);\n script_xref(name:\"RHSA\", value:\"2011:1189\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:1189)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues, various\nbugs, and add two enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSecurity issues :\n\n* Using PCI passthrough without interrupt remapping support allowed\nKVM guests to generate MSI interrupts and thus potentially inject\ntraps. A privileged guest user could use this flaw to crash the host\nor possibly escalate their privileges on the host. The fix for this\nissue can prevent PCI passthrough working and guests starting. Refer\nto Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-2491,\nImportant)\n\n* Integer underflow in the Bluetooth implementation could allow a\nremote attacker to cause a denial of service or escalate their\nprivileges by sending a specially crafted request to a target system\nvia Bluetooth. (CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration\ninterface implementation could allow a local user, who has the\nCAP_NET_ADMIN capability, to cause a denial of service or escalate\ntheir privileges on systems that have an active wireless interface.\n(CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file\nsystems could allow a local, unprivileged user to cause a denial of\nservice. (CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An\nattacker on the local network could use this flaw to send crafted\npackets to a target, possibly causing a denial of service.\n(CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* Race condition in the memory merging support (KSM) could allow a\nlocal, unprivileged user to cause a denial of service. KSM is off by\ndefault, but on systems running VDSM, or on KVM hosts, it is likely\nturned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user\nto cause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2\n(GFS2) implementation. If the file system was almost full, and a\nlocal, unprivileged user made an fallocate() request, it could result\nin a denial of service. Setting quotas to prevent users from using all\navailable disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo\nsystem call, with si_code set to SI_TKILL and with spoofed process and\nuser IDs, to other processes. This flaw does not allow existing\npermission checks to be bypassed; signals can only be sent if your\nprivileges allow you to already do so. (CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation\ncould allow a local attacker to cause a denial of service by mounting\na disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491;\nDan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan\nSweat for reporting CVE-2011-1576; Robert Swiecki for reporting\nCVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes\nof the Google Security Team for reporting CVE-2011-1182; Timo Warns\nfor reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for\nreporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting\nCVE-2011-2495.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2695\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1189\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1189\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1189\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:19:39", "description": "a. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.\n b. ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue.\n c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues.\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n d. ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.\n e. ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues.\n Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694.\n f. ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues.\n g. ESXi update to third-party component python The python third-party library is updated to python 2.5.6 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-01-31T00:00:00", "type": "nessus", "title": "VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3560", "CVE-2009-3720", "CVE-2010-0547", "CVE-2010-0787", "CVE-2010-1634", "CVE-2010-2059", "CVE-2010-2089", "CVE-2010-3493", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1015", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1521", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1678", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1763", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2522", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2694", "CVE-2011-2901", "CVE-2011-3378"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1", "cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_VMSA-2012-0001.NASL", "href": "https://www.tenable.com/plugins/nessus/57749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2012-0001. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57749);\n script_version(\"1.43\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2010-1634\", \"CVE-2010-2059\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1015\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1521\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1678\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1763\", \"CVE-2011-1776\", \"CVE-2011-1780\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2192\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2522\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2694\", \"CVE-2011-2901\", \"CVE-2011-3378\");\n script_bugtraq_id(36097, 37203, 37992, 38326, 40370, 40863, 44533, 46073, 46417, 46488, 46541, 46616, 46793, 46839, 46878, 46919, 47003, 47024, 47308, 47343, 47497, 47534, 47535, 47791, 47796, 47843, 48048, 48058, 48333, 48441, 48538, 48641, 48677, 48899, 48901, 49141, 49370, 49373, 49375, 49408, 49939);\n script_xref(name:\"VMSA\", value:\"2012-0001\");\n\n script_name(english:\"VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"a. ESX third-party update for Service Console kernel\n \n The ESX Service Console Operating System (COS) kernel is updated to\n kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the\n COS kernel.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,\n CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,\n CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494,\n CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,\n CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182,\n CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745,\n CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,\n CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525,\n CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495,\n CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.\n \nb. ESX third-party update for Service Console cURL RPM\n \n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9\n resolving a security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2011-2192 to this issue.\n \nc. ESX third-party update for Service Console nspr and nss RPMs\n \n The ESX Service Console (COS) nspr and nss RPMs are updated to\n nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving\n a security issues.\n \n A Certificate Authority (CA) issued fraudulent SSL certificates and\n Netscape Portable Runtime (NSPR) and Network Security Services (NSS)\n contain the built-in tokens of this fraudulent Certificate\n Authority. This update renders all SSL certificates signed by the\n fraudulent CA as untrusted for all uses.\n \nd. ESX third-party update for Service Console rpm RPMs\n \n The ESX Service Console Operating System (COS) rpm packages are\n updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,\n rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2\n which fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2010-2059 and CVE-2011-3378 to these\n issues.\n \ne. ESX third-party update for Service Console samba RPMs\n \n The ESX Service Console Operating System (COS) samba packages are\n updated to samba-client-3.0.33-3.29.el5_7.4,\n samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security\n issues in the Samba client.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,\n CVE-2011-2522 and CVE-2011-2694 to these issues.\n \n Note that ESX does not include the Samba Web Administration Tool\n (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and\n CVE-2011-2694.\n \nf. ESX third-party update for Service Console python package\n \n The ESX Service Console (COS) python package is updated to\n 2.4.3-44 which fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and\n CVE-2011-1521 to these issues.\n \ng. ESXi update to third-party component python\n \n The python third-party library is updated to python 2.5.6 which\n fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,\n CVE-2010-2089, and CVE-2011-1521 to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2012/000170.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 59, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2012-01-30\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201203401-SG\",\n patch_updates : make_list(\"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\")\n )\n) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203402-SG\")) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203403-SG\")) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203404-SG\")) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201203405-SG\",\n patch_updates : make_list(\"ESX400-201209404-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201401-SG\",\n patch_updates : make_list(\"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201402-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201404-SG\",\n patch_updates : make_list(\"ESX410-201211405-SG\", \"ESX410-201307402-SG\", \"ESX410-201312403-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201405-SG\",\n patch_updates : make_list(\"ESX410-201211407-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201406-SG\",\n patch_updates : make_list(\"ESX410-201208105-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201407-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201203401-SG\",\n patch_updates : make_list(\"ESXi400-201205401-SG\", \"ESXi400-201206401-SG\", \"ESXi400-201209401-SG\", \"ESXi400-201302401-SG\", \"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201201401-SG\",\n patch_updates : make_list(\"ESXi410-201204401-SG\", \"ESXi410-201205401-SG\", \"ESXi410-201206401-SG\", \"ESXi410-201208101-SG\", \"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update03\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:esx-base:5.0.0-0.10.608089\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:33:50", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries :\n\n - COS kernel\n - cURL\n - python\n - rpm", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-03-03T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3560", "CVE-2009-3720", "CVE-2010-0547", "CVE-2010-0787", "CVE-2010-1634", "CVE-2010-2059", "CVE-2010-2089", "CVE-2010-3493", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1015", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1521", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1678", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1763", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2522", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2694", "CVE-2011-2901", "CVE-2011-3378"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2012-0001_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89105);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-3560\",\n \"CVE-2009-3720\",\n \"CVE-2010-0547\",\n \"CVE-2010-0787\",\n \"CVE-2010-1634\",\n \"CVE-2010-2059\",\n \"CVE-2010-2089\",\n \"CVE-2010-3493\",\n \"CVE-2010-4649\",\n \"CVE-2011-0695\",\n \"CVE-2011-0711\",\n \"CVE-2011-0726\",\n \"CVE-2011-1015\",\n \"CVE-2011-1044\",\n \"CVE-2011-1078\",\n \"CVE-2011-1079\",\n \"CVE-2011-1080\",\n \"CVE-2011-1093\",\n \"CVE-2011-1163\",\n \"CVE-2011-1166\",\n \"CVE-2011-1170\",\n \"CVE-2011-1171\",\n \"CVE-2011-1172\",\n \"CVE-2011-1182\",\n \"CVE-2011-1494\",\n \"CVE-2011-1495\",\n \"CVE-2011-1521\",\n \"CVE-2011-1573\",\n \"CVE-2011-1576\",\n \"CVE-2011-1577\",\n \"CVE-2011-1593\",\n \"CVE-2011-1678\",\n \"CVE-2011-1745\",\n \"CVE-2011-1746\",\n \"CVE-2011-1763\",\n \"CVE-2011-1776\",\n \"CVE-2011-1780\",\n \"CVE-2011-1936\",\n \"CVE-2011-2022\",\n \"CVE-2011-2192\",\n \"CVE-2011-2213\",\n \"CVE-2011-2482\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2517\",\n \"CVE-2011-2519\",\n \"CVE-2011-2522\",\n \"CVE-2011-2525\",\n \"CVE-2011-2689\",\n \"CVE-2011-2694\",\n \"CVE-2011-2901\",\n \"CVE-2011-3378\"\n );\n script_bugtraq_id(\n 36097,\n 37203,\n 37992,\n 38326,\n 40370,\n 40863,\n 44533,\n 46073,\n 46417,\n 46488,\n 46541,\n 46616,\n 46793,\n 46839,\n 46878,\n 46919,\n 47003,\n 47024,\n 47308,\n 47343,\n 47497,\n 47534,\n 47535,\n 47791,\n 47796,\n 47843,\n 48048,\n 48058,\n 48333,\n 48441,\n 48538,\n 48641,\n 48677,\n 48899,\n 48901,\n 49141,\n 49370,\n 49373,\n 49375,\n 49408,\n 49939\n );\n script_xref(name:\"VMSA\", value:\"2012-0001\");\n\n script_name(english:\"VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)\");\n script_summary(english:\"Checks the remote ESX/ESXi host's version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\nlibraries :\n\n - COS kernel\n - cURL\n - python\n - rpm\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 59, 119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nesx = \"ESX/ESXi\";\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, esx);\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\nproduct = \"VMware \" + esx;\n\n# fix builds\nfixes = make_array(\n \"ESX 4.0\", 660575,\n \"ESXi 4.0\", 660575,\n \"ESX 4.1\", 582267,\n \"ESXi 4.1\", 582267,\n \"ESXi 5.0\", 623860\n);\n\n# security-only fix builds\nsec_only_builds = make_array(\n \"ESXi 5.0\", 608089\n);\n\nkey = esx + ' ' + ver;\nfix = NULL;\nfix = fixes[key];\nsec_fix = NULL;\nsec_fix = sec_only_builds[key];\n\nbmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);\nif (empty_or_null(bmatch))\n audit(AUDIT_UNKNOWN_BUILD, product, ver);\n\nbuild = int(bmatch[1]);\n\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n\nif (build < fix && build != sec_fix)\n{\n # if there is a security fix\n if (sec_fix)\n fix = fix + \" / \" + sec_fix;\n\n # properly spaced label\n if (\"ESXi\" >< esx) ver_label = ' version : ';\n else ver_label = ' version : ';\n report = '\\n ' + esx + ver_label + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:19:26", "description": "This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.\n\nThis update fixes the following security issues :\n\n - X.25 remote DoS. (CVE-2010-3873). (bnc#651219)\n\n - X.25 remote Dos. (CVE-2010-4164). (bnc#653260)\n\n - 1 socket local DoS. (CVE-2010-4249). (bnc#655696)\n\n - ebtables infoleak. (CVE-2011-1080). (bnc#676602)\n\n - netfilter: arp_tables infoleak to userspace.\n (CVE-2011-1170). (bnc#681180)\n\n - netfilter: ip_tables infoleak to userspace.\n (CVE-2011-1171). (bnc#681181)\n\n - netfilter: ip6_tables infoleak to userspace.\n (CVE-2011-1172). (bnc#681185)\n\n - econet 4 byte infoleak. (CVE-2011-1173). (bnc#681186)\n\n - hfs NULL pointer dereference. (CVE-2011-2203).\n (bnc#699709)\n\n - inet_diag infinite loop. (CVE-2011-2213). (bnc#700879)\n\n - netfilter: ipt_CLUSTERIP buffer overflow.\n (CVE-2011-2534). (bnc#702037)\n\n - ipv6: make fragment identifications less predictable.\n (CVE-2011-2699). (bnc#707288)\n\n - clock_gettime() panic. (CVE-2011-3209). (bnc#726064)\n\n - qdisc NULL dereference (CVE-2011-2525) This update also fixes the following non-security issues:. (bnc#735612)\n\n - New timesource for VMware platform. (bnc#671124)\n\n - usblp crashes after the printer is unplugged for the second time. (bnc#673343)\n\n - Data corruption with mpt2sas driver. (bnc#704253)\n\n - NIC Bond no longer works when booting the XEN kernel.\n (bnc#716437)\n\n - 'reboot=b' kernel command line hangs system on reboot.\n (bnc#721267)\n\n - kernel panic at iscsi_xmitwork function. (bnc#721351)\n\n - NFS supplementary group permissions. (bnc#725878)\n\n - IBM LTC System z Maintenance Kernel Patches (#59).\n (bnc#726843)\n\n - NFS slowness. (bnc#727597)\n\n - IBM LTC System z maintenance kernel patches (#60).\n (bnc#728341)\n\n - propagate MAC-address to VLAN-interface. (bnc#729117)\n\n - ipmi deadlock in start_next_msg. (bnc#730749)\n\n - ext3 filesystem corruption after crash. (bnc#731770)\n\n - IBM LTC System z maintenance kernel patches (#61).\n (bnc#732375)\n\n - hangs when offlining a CPU core. (bnc#733407)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-01-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7918)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3873", "CVE-2010-4164", "CVE-2010-4249", "CVE-2011-1080", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2525", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-3209"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7918.NASL", "href": "https://www.tenable.com/plugins/nessus/57659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57659);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3873\", \"CVE-2010-4164\", \"CVE-2010-4249\", \"CVE-2011-1080\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-3209\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7918)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel update fixes various security issues and bugs in the\nSUSE Linux Enterprise 10 SP4 kernel.\n\nThis update fixes the following security issues :\n\n - X.25 remote DoS. (CVE-2010-3873). (bnc#651219)\n\n - X.25 remote Dos. (CVE-2010-4164). (bnc#653260)\n\n - 1 socket local DoS. (CVE-2010-4249). (bnc#655696)\n\n - ebtables infoleak. (CVE-2011-1080). (bnc#676602)\n\n - netfilter: arp_tables infoleak to userspace.\n (CVE-2011-1170). (bnc#681180)\n\n - netfilter: ip_tables infoleak to userspace.\n (CVE-2011-1171). (bnc#681181)\n\n - netfilter: ip6_tables infoleak to userspace.\n (CVE-2011-1172). (bnc#681185)\n\n - econet 4 byte infoleak. (CVE-2011-1173). (bnc#681186)\n\n - hfs NULL pointer dereference. (CVE-2011-2203).\n (bnc#699709)\n\n - inet_diag infinite loop. (CVE-2011-2213). (bnc#700879)\n\n - netfilter: ipt_CLUSTERIP buffer overflow.\n (CVE-2011-2534). (bnc#702037)\n\n - ipv6: make fragment identifications less predictable.\n (CVE-2011-2699). (bnc#707288)\n\n - clock_gettime() panic. (CVE-2011-3209). (bnc#726064)\n\n - qdisc NULL dereference (CVE-2011-2525) This update also\n fixes the following non-security issues:. (bnc#735612)\n\n - New timesource for VMware platform. (bnc#671124)\n\n - usblp crashes after the printer is unplugged for the\n second time. (bnc#673343)\n\n - Data corruption with mpt2sas driver. (bnc#704253)\n\n - NIC Bond no longer works when booting the XEN kernel.\n (bnc#716437)\n\n - 'reboot=b' kernel command line hangs system on reboot.\n (bnc#721267)\n\n - kernel panic at iscsi_xmitwork function. (bnc#721351)\n\n - NFS supplementary group permissions. (bnc#725878)\n\n - IBM LTC System z Maintenance Kernel Patches (#59).\n (bnc#726843)\n\n - NFS slowness. (bnc#727597)\n\n - IBM LTC System z maintenance kernel patches (#60).\n (bnc#728341)\n\n - propagate MAC-address to VLAN-interface. (bnc#729117)\n\n - ipmi deadlock in start_next_msg. (bnc#730749)\n\n - ext3 filesystem corruption after crash. (bnc#731770)\n\n - IBM LTC System z maintenance kernel patches (#61).\n (bnc#732375)\n\n - hangs when offlining a CPU core. (bnc#733407)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4249.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2203.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2534.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2699.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3209.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7918.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.93.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:23:30", "description": "This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.\n\nThis update fixes the following security issues :\n\n - X.25 remote DoS. (CVE-2010-3873). (bnc#651219)\n\n - X.25 remote Dos. (CVE-2010-4164). (bnc#653260)\n\n - 1 socket local DoS. (CVE-2010-4249). (bnc#655696)\n\n - ebtables infoleak. (CVE-2011-1080). (bnc#676602)\n\n - netfilter: arp_tables infoleak to userspace.\n (CVE-2011-1170). (bnc#681180)\n\n - netfilter: ip_tables infoleak to userspace.\n (CVE-2011-1171). (bnc#681181)\n\n - netfilter: ip6_tables infoleak to userspace.\n (CVE-2011-1172). (bnc#681185)\n\n - econet 4 byte infoleak. (CVE-2011-1173). (bnc#681186)\n\n - hfs NULL pointer dereference. (CVE-2011-2203).\n (bnc#699709)\n\n - inet_diag infinite loop. (CVE-2011-2213). (bnc#700879)\n\n - netfilter: ipt_CLUSTERIP buffer overflow.\n (CVE-2011-2534). (bnc#702037)\n\n - ipv6: make fragment identifications less predictable.\n (CVE-2011-2699). (bnc#707288)\n\n - clock_gettime() panic. (CVE-2011-3209). (bnc#726064)\n\n - qdisc NULL dereference (CVE-2011-2525) This update also fixes the following non-security issues:. (bnc#735612)\n\n - New timesource for VMware platform. (bnc#671124)\n\n - usblp crashes after the printer is unplugged for the second time. (bnc#673343)\n\n - Data corruption with mpt2sas driver. (bnc#704253)\n\n - NIC Bond no longer works when booting the XEN kernel.\n (bnc#716437)\n\n - 'reboot=b' kernel command line hangs system on reboot.\n (bnc#721267)\n\n - kernel panic at iscsi_xmitwork function. (bnc#721351)\n\n - NFS supplementary group permissions. (bnc#725878)\n\n - IBM LTC System z Maintenance Kernel Patches (#59).\n (bnc#726843)\n\n - NFS slowness. (bnc#727597)\n\n - IBM LTC System z maintenance kernel patches (#60).\n (bnc#728341)\n\n - propagate MAC-address to VLAN-interface. (bnc#729117)\n\n - ipmi deadlock in start_next_msg. (bnc#730749)\n\n - ext3 filesystem corruption after crash. (bnc#731770)\n\n - IBM LTC System z maintenance kernel patches (#61).\n (bnc#732375)\n\n - hangs when offlining a CPU core. (bnc#733407)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7915)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3873", "CVE-2010-4164", "CVE-2010-4249", "CVE-2011-1080", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2525", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-3209"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7915.NASL", "href": "https://www.tenable.com/plugins/nessus/59161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59161);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3873\", \"CVE-2010-4164\", \"CVE-2010-4249\", \"CVE-2011-1080\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-3209\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7915)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel update fixes various security issues and bugs in the\nSUSE Linux Enterprise 10 SP4 kernel.\n\nThis update fixes the following security issues :\n\n - X.25 remote DoS. (CVE-2010-3873). (bnc#651219)\n\n - X.25 remote Dos. (CVE-2010-4164). (bnc#653260)\n\n - 1 socket local DoS. (CVE-2010-4249). (bnc#655696)\n\n - ebtables infoleak. (CVE-2011-1080). (bnc#676602)\n\n - netfilter: arp_tables infoleak to userspace.\n (CVE-2011-1170). (bnc#681180)\n\n - netfilter: ip_tables infoleak to userspace.\n (CVE-2011-1171). (bnc#681181)\n\n - netfilter: ip6_tables infoleak to userspace.\n (CVE-2011-1172). (bnc#681185)\n\n - econet 4 byte infoleak. (CVE-2011-1173). (bnc#681186)\n\n - hfs NULL pointer dereference. (CVE-2011-2203).\n (bnc#699709)\n\n - inet_diag infinite loop. (CVE-2011-2213). (bnc#700879)\n\n - netfilter: ipt_CLUSTERIP buffer overflow.\n (CVE-2011-2534). (bnc#702037)\n\n - ipv6: make fragment identifications less predictable.\n (CVE-2011-2699). (bnc#707288)\n\n - clock_gettime() panic. (CVE-2011-3209). (bnc#726064)\n\n - qdisc NULL dereference (CVE-2011-2525) This update also\n fixes the following non-security issues:. (bnc#735612)\n\n - New timesource for VMware platform. (bnc#671124)\n\n - usblp crashes after the printer is unplugged for the\n second time. (bnc#673343)\n\n - Data corruption with mpt2sas driver. (bnc#704253)\n\n - NIC Bond no longer works when booting the XEN kernel.\n (bnc#716437)\n\n - 'reboot=b' kernel command line hangs system on reboot.\n (bnc#721267)\n\n - kernel panic at iscsi_xmitwork function. (bnc#721351)\n\n - NFS supplementary group permissions. (bnc#725878)\n\n - IBM LTC System z Maintenance Kernel Patches (#59).\n (bnc#726843)\n\n - NFS slowness. (bnc#727597)\n\n - IBM LTC System z maintenance kernel patches (#60).\n (bnc#728341)\n\n - propagate MAC-address to VLAN-interface. (bnc#729117)\n\n - ipmi deadlock in start_next_msg. (bnc#730749)\n\n - ext3 filesystem corruption after crash. (bnc#731770)\n\n - IBM LTC System z maintenance kernel patches (#61).\n (bnc#732375)\n\n - hangs when offlining a CPU core. (bnc#733407)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4249.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2203.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2534.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2699.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3209.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7915.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.93.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.93.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:49:55", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1189 advisory.\n\n - kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. (CVE-2011-1182)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. (CVE-2011-1593)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. (CVE-2011-1776)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n (CVE-2011-2213)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. (CVE-2011-2517)\n\n - The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.\n (CVE-2011-2689)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2011-1189)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3880", "CVE-2011-1182", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf"], "id": "ORACLELINUX_ELSA-2011-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/68331", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-1189.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68331);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1182\",\n \"CVE-2011-1576\",\n \"CVE-2011-1593\",\n \"CVE-2011-1776\",\n \"CVE-2011-1898\",\n \"CVE-2011-2183\",\n \"CVE-2011-2213\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2497\",\n \"CVE-2011-2517\",\n \"CVE-2011-2689\",\n \"CVE-2011-2695\"\n );\n script_bugtraq_id(\n 47003,\n 47497,\n 47796,\n 48333,\n 48441,\n 48472,\n 48515,\n 48538,\n 48677,\n 48697,\n 48907,\n 49141\n );\n script_xref(name:\"RHSA\", value:\"2011:1189\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2011-1189)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2011-1189 advisory.\n\n - kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal\n sender via a sigqueueinfo system call. (CVE-2011-1182)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5\n and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor\n and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are\n processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a\n different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4\n allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir\n system call. (CVE-2011-1593)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size\n of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically\n proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive\n information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability\n than CVE-2011-1577. (CVE-2011-1776)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not\n have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI\n interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3,\n when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL\n pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not\n properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite\n loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an\n INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n (CVE-2011-2213)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel\n before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data\n structures, which allows local users to obtain potentially sensitive information from kernel memory via a\n crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in\n net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io\n files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by\n discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel\n before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have\n unspecified other impact via a small command-size value within the command header of a Logical Link\n Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users\n to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID\n value. (CVE-2011-2517)\n\n - The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the\n size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of\n service (BUG and system crash) by arranging for all resource groups to have too little free space.\n (CVE-2011-2689)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to\n cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a\n write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-1189.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2497\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-131.12.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-1189');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-131.12.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:48", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device.\n\n - CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device.\n\n - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.\n\n - CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the alpha architecture. Local users could obtain access to sensitive kernel memory.\n\n - CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4() system call on the alpha architecture permitting local users to gain elevated privileges.\n\n - CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop.\n\n - CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.\n\n - CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.\n\n - CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.\n\n - CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.\n\n - CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.\n\n - CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.\n\n - CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.\n\n - CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-09-26T00:00:00", "type": "nessus", "title": "Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4067", "CVE-2011-0712", "CVE-2011-1020", "CVE-2011-1768", "CVE-2011-2209", "CVE-2011-2211", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2525", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2310.NASL", "href": "https://www.tenable.com/plugins/nessus/56285", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2310. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56285);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-0712\", \"CVE-2011-1020\", \"CVE-2011-2209\", \"CVE-2011-2211\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2525\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_bugtraq_id(46419, 46567, 47321, 48254, 48333, 48383, 48441, 48472, 48641, 48687, 49141, 49256, 49289, 49295, 49408);\n script_xref(name:\"DSA\", value:\"2310\");\n\n script_name(english:\"Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2009-4067\n Rafael Dominguez Vega of MWR InfoSecurity reported an\n issue in the auerswald module, a driver for Auerswald\n PBX/System Telephone USB devices. Attackers with\n physical access to a system's USB ports could obtain\n elevated privileges using a specially crafted USB\n device.\n\n - CVE-2011-0712\n Rafael Dominguez Vega of MWR InfoSecurity reported an\n issue in the caiaq module, a USB driver for Native\n Instruments USB audio devices. Attackers with physical\n access to a system's USB ports could obtain elevated\n privileges using a specially crafted USB device.\n\n - CVE-2011-1020\n Kees Cook discovered an issue in the /proc filesystem\n that allows local users to gain access to sensitive\n process information after execution of a setuid binary.\n\n - CVE-2011-2209\n Dan Rosenberg discovered an issue in the osf_sysinfo()\n system call on the alpha architecture. Local users could\n obtain access to sensitive kernel memory.\n\n - CVE-2011-2211\n Dan Rosenberg discovered an issue in the osf_wait4()\n system call on the alpha architecture permitting local\n users to gain elevated privileges.\n\n - CVE-2011-2213\n Dan Rosenberg discovered an issue in the INET socket\n monitoring interface. Local users could cause a denial\n of service by injecting code and causing the kernel to\n execute an infinite loop.\n\n - CVE-2011-2484\n Vasiliy Kulikov of Openwall discovered that the number\n of exit handlers that a process can register is not\n capped, resulting in local denial of service through\n resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491\n Vasily Averin discovered an issue with the NFS locking\n implementation. A malicious NFS server can cause a\n client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492\n Marek Kroemeke and Filip Palian discovered that\n uninitialized struct elements in the Bluetooth subsystem\n could lead to a leak of sensitive kernel memory through\n leaked stack memory.\n\n - CVE-2011-2495\n Vasiliy Kulikov of Openwall discovered that the io file\n of a process' proc directory was world-readable,\n resulting in local information disclosure of information\n such as password lengths.\n\n - CVE-2011-2496\n Robert Swiecki discovered that mremap() could be abused\n for local denial of service by triggering a BUG_ON\n assert.\n\n - CVE-2011-2497\n Dan Rosenberg discovered an integer underflow in the\n Bluetooth subsystem, which could lead to denial of\n service or privilege escalation.\n\n - CVE-2011-2525\n Ben Pfaff reported an issue in the network scheduling\n code. A local user could cause a denial of service (NULL\n pointer dereference) by sending a specially crafted\n netlink message.\n\n - CVE-2011-2928\n Timo Warns discovered that insufficient validation of Be\n filesystem images could lead to local denial of service\n if a malformed filesystem image is mounted.\n\n - CVE-2011-3188\n Dan Kaminsky reported a weakness of the sequence number\n generation in the TCP protocol implementation. This can\n be used by remote attackers to inject packets into an\n active session.\n\n - CVE-2011-3191\n Darren Lavender reported an issue in the Common Internet\n File System (CIFS). A malicious file server could cause\n memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the\nprevious security fix for CVE-2011-1768 (Debian bug #633738).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2310\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages. These updates will\nnot become active until after the system is rebooted.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny4. Updates for arm and alpha are not yet\navailable, but will be released as soon as possible. Updates for the\nhppa and ia64 architectures will be included in the upcoming 5.0.9\npoint release.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 5.0 (lenny) \n user-mode-linux 2.6.26-1um-2+26lenny4 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"linux-base\", reference:\"2.6.26-26lenny4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:27:41", "description": "It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "USN-1241-1 : linux-fsl-imx51 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2695", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3363"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56640", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1241-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56640);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_xref(name:\"USN\", value:\"1241-1\");\n\n script_name(english:\"USN-1241-1 : linux-fsl-imx51 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the Stream Control Transmission Protocol\n(SCTP) implementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain\nVLAN packets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for\nconfiguration files in the current directory. If a privileged user\nwere tricked into running perf in a directory containing a malicious\nconfiguration file, an attacker could run arbitrary commands and\npossibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.31-611-imx51\", pkgver:\"2.6.31-611.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:20:00", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.\n\n - CVE-2011-1576 Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service.\n\n - CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.\n\n - CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.\n\n - CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.\n\n - CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.\n\n - CVE-2011-2517 It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service.\n\n - CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.\n\n - CVE-2011-2700 Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges.\n\n - CVE-2011-2723 Brent Meshier reported an issue in the GRO (generic receive offload) implementation. This can be exploited by remote users to create a denial of service (system crash) in certain network device configurations.\n\n - CVE-2011-2905 Christian Ohm discovered that the 'perf' analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running 'perf' in a directory under the control of the attacker.\n\n - CVE-2011-2909 Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory.\n\n - CVE-2011-2918 Vince Weaver discovered that incorrect handling of software event overflows in the 'perf' analysis tool could lead to local denial of service.\n\n - CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.\n\n - CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.\n\n - CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-09-09T00:00:00", "type": "nessus", "title": "Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1020", "CVE-2011-1576", "CVE-2011-1768", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2303.NASL", "href": "https://www.tenable.com/plugins/nessus/56130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2303. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56130);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1576\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_bugtraq_id(46567, 47321, 48383, 48441, 48472, 48538, 48641, 48804, 48907, 48929, 49140, 49141, 49152, 49256, 49289, 49295, 49408, 49411);\n script_xref(name:\"DSA\", value:\"2303\");\n\n script_name(english:\"Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2011-1020\n Kees Cook discovered an issue in the /proc filesystem\n that allows local users to gain access to sensitive\n process information after execution of a setuid binary.\n\n - CVE-2011-1576\n Ryan Sweat discovered an issue in the VLAN\n implementation. Local users may be able to cause a\n kernel memory leak, resulting in a denial of service.\n\n - CVE-2011-2484\n Vasiliy Kulikov of Openwall discovered that the number\n of exit handlers that a process can register is not\n capped, resulting in local denial of service through\n resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491\n Vasily Averin discovered an issue with the NFS locking\n implementation. A malicious NFS server can cause a\n client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492\n Marek Kroemeke and Filip Palian discovered that\n uninitialized struct elements in the Bluetooth subsystem\n could lead to a leak of sensitive kernel memory through\n leaked stack memory.\n\n - CVE-2011-2495\n Vasiliy Kulikov of Openwall discovered that the io file\n of a process' proc directory was world-readable,\n resulting in local information disclosure of information\n such as password lengths.\n\n - CVE-2011-2496\n Robert Swiecki discovered that mremap() could be abused\n for local denial of service by triggering a BUG_ON\n assert.\n\n - CVE-2011-2497\n Dan Rosenberg discovered an integer underflow in the\n Bluetooth subsystem, which could lead to denial of\n service or privilege escalation.\n\n - CVE-2011-2517\n It was discovered that the netlink-based wireless\n configuration interface performed insufficient length\n validation when parsing SSIDs, resulting in buffer\n overflows. Local users with the CAP_NET_ADMIN capability\n can cause a denial of service.\n\n - CVE-2011-2525\n Ben Pfaff reported an issue in the network scheduling\n code. A local user could cause a denial of service (NULL\n pointer dereference) by sending a specially crafted\n netlink message.\n\n - CVE-2011-2700\n Mauro Carvalho Chehab of Red Hat reported a buffer\n overflow issue in the driver for the Si4713 FM Radio\n Transmitter driver used by N900 devices. Local users\n could exploit this issue to cause a denial of service or\n potentially gain elevated privileges.\n\n - CVE-2011-2723\n Brent Meshier reported an issue in the GRO (generic\n receive offload) implementation. This can be exploited\n by remote users to create a denial of service (system\n crash) in certain network device configurations.\n\n - CVE-2011-2905\n Christian Ohm discovered that the 'perf' analysis tool\n searches for its config files in the current working\n directory. This could lead to denial of service or\n potential privilege escalation if a user with elevated\n privileges is tricked into running 'perf' in a directory\n under the control of the attacker.\n\n - CVE-2011-2909\n Vasiliy Kulikov of Openwall discovered that a\n programming error in the Comedi driver could lead to the\n information disclosure through leaked stack memory.\n\n - CVE-2011-2918\n Vince Weaver discovered that incorrect handling of\n software event overflows in the 'perf' analysis tool\n could lead to local denial of service.\n\n - CVE-2011-2928\n Timo Warns discovered that insufficient validation of Be\n filesystem images could lead to local denial of service\n if a malformed filesystem image is mounted.\n\n - CVE-2011-3188\n Dan Kaminsky reported a weakness of the sequence number\n generation in the TCP protocol implementation. This can\n be used by remote attackers to inject packets into an\n active session.\n\n - CVE-2011-3191\n Darren Lavender reported an issue in the Common Internet\n File System (CIFS). A malicious file server could cause\n memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the\nprevious security fix for CVE-2011-1768 (Debian bug #633738).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2303\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-35squeeze2. Updates for issues impacting the oldstable\ndistribution (lenny) will be available soon.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+35squeeze2\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T14:23:35", "description": "It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581)\n\nIt was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nBen Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on '/dev/zero' was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-2479)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nQianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-2942)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)\n\nA flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.\n(CVE-2011-3619)\n\nA flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637)\n\nScot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4250", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2182", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2479", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3619", "CVE-2011-3637", "CVE-2011-4087", "CVE-2011-4326", "CVE-2011-4914"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1256-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56768", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1256-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56768);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-4250\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2182\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-3619\", \"CVE-2011-3637\", \"CVE-2011-4087\", \"CVE-2011-4326\", \"CVE-2011-4914\");\n script_bugtraq_id(46567, 46616, 46793, 46866, 46935, 46980, 47056, 47296, 47308, 47321, 47343, 47381, 47768, 47796, 47852, 47853, 47926, 48101, 48333, 48347, 48383, 48441, 48472, 48538, 48641, 48677, 48697, 48802, 48804, 48907, 48929, 49108, 49140, 49141, 49408, 49411, 50314);\n script_xref(name:\"USN\", value:\"1256-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the /proc filesystem did not correctly handle\npermission changes when programs executed. A local attacker could hold\nopen files to examine details about programs running with higher\nprivileges, potentially increasing the chances of exploiting\nadditional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check\nthat name fields were NULL terminated. A local attacker could exploit\nthis to leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send\nspecially crafted network traffic that would crash the system, leading\nto a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nRyan Sweat discovered that the GRO code did not correctly validate\nmemory. In some configurations on systems using VLANs, a remote\nattacker could send specially crafted traffic to crash the system,\nleading to a denial of service. (CVE-2011-1478)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a\nregression. A remote attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not\ncorrectly handle certain fields. If a system was running with Rose\nenabled, a remote attacker could send specially crafted traffic to\ngain root privileges. (CVE-2011-1493)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP)\nimplementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the GUID partition parsing routines did not\ncorrectly validate certain structures. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem, leading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not\ncorrectly handle large queues. On some systems, a remote attacker\ncould send specially crafted traffic to crash the system, leading to a\ndenial of service. (CVE-2011-1581)\n\nIt was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ip_gre\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ipip\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1768)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A\nlocal attacker with access to a CIFS partition could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-1771)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nBen Hutchings reported a flaw in the kernel's handling of corrupt LDM\npartitions. A local user could exploit this to cause a denial of\nservice or escalate privileges. (CVE-2011-2182)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on\n'/dev/zero' was incorrectly handled. A local attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2011-2479)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly\nhandled. A local attacker could exploit this to exhaust memory and CPU\nresources, leading to a denial of service. (CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly\ninitialize structures. A local attacker could exploit this to read\nportions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root\ninodes. A local attacker could trigger the mount of a specially\ncrafted filesystem to cause the system to crash, leading to a denial\nof service. (CVE-2011-2493)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that GFS2 did not correctly check block sizes. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service. (CVE-2011-2689)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain\ncounters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2918)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nQianfeng Zhang discovered that the bridge networking interface\nincorrectly handled certain network packets. A remote attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-2942)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock\nimplementation. A local unprivileged attacker could exploit this\ncausing a denial of service. (CVE-2011-3209)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\n\nA flaw was discovered in the Linux kernel's AppArmor security\ninterface when invalid information was written to it. An unprivileged\nlocal user could use this to cause a denial of service on the system.\n(CVE-2011-3619)\n\nA flaw was found in the Linux kernel's /proc/*/*map* interface. A\nlocal, unprivileged user could exploit this flaw to cause a denial of\nservice. (CVE-2011-3637)\n\nScot Doyle discovered that the bridge networking interface incorrectly\nhandled certain network packets. A remote attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. (CVE-2011-4326)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP)\nlayer. A local user or a remote user on an X.25 network could exploit\nthese flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1256-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4250\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2182\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-3619\", \"CVE-2011-3637\", \"CVE-2011-4087\", \"CVE-2011-4326\", \"CVE-2011-4914\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1256-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-generic\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-generic-pae\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-server\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-virtual\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-16T14:37:08", "description": "Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463)\n\nTimo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017)\n\nIt was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080)\n\nPeter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)\n\nDan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTimo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746)\n\nDan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O.\nA local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service.\n(CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nThe performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-09-22T00:00:00", "type": "nessus", "title": "USN-1212-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0463", "CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1160", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-1180", "CVE-2011-1182", "CVE-2011-1493", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1748", "CVE-2011-1770", "CVE-2011-1771", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2534", "CVE-2011-2689", "CVE-2011-2699", "CVE-2011-2918"], "modified": "2019-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1212-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56257", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1212-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56257);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/16 10:34:22\");\n\n script_cve_id(\"CVE-2011-0463\", \"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1160\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1493\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1748\", \"CVE-2011-1770\", \"CVE-2011-1771\", \"CVE-2011-1833\", \"CVE-2011-2022\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2534\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_xref(name:\"USN\", value:\"1212-1\");\n\n script_name(english:\"USN-1212-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Goldwyn Rodrigues discovered that the OCFS2 filesystem did not\ncorrectly clear memory when writing certain file holes. A local\nattacker could exploit this to read uninitialized data from the disk,\nleading to a loss of privacy. (CVE-2011-0463)\n\nTimo Warns discovered that the LDM disk partition handling code did\nnot correctly handle certain values. By inserting a specially crafted\ndisk device, a local attacker could exploit this to gain root\nprivileges. (CVE-2011-1017)\n\nIt was discovered that the /proc filesystem did not correctly handle\npermission changes when programs executed. A local attacker could\nhold open files to examine details about programs running with higher\nprivileges, potentially increasing the chances of exploiting\nadditional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss\nof privacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not\ncheck that name fields were NULL terminated. A local attacker could\nexploit this to leak contents of kernel stack memory, leading to a\nloss of privacy. (CVE-2011-1080)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nVasiliy Kulikov discovered that the netfilter code did not check\ncertain strings copied from userspace. A local attacker with\nnetfilter access could exploit this to read kernel memory or crash\nthe system, leading to a denial of service. (CVE-2011-1170,\nCVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver\ndid not correctly initialize memory. A remote attacker could send\nspecially crafted traffic to read kernel stack memory, leading to a\nloss of privacy. (CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate\nthe signal structure from tkill(). A local attacker could exploit\nthis to send signals to arbitrary threads, possibly bypassing\nexpected restrictions. (CVE-2011-1182)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not\ncorrectly handle certain fields. If a system was running with Rose\nenabled, a remote attacker could send specially crafted traffic to\ngain root privileges. (CVE-2011-1493)\n\nDan Rosenberg discovered that MPT devices did not correctly validate\ncertain values in ioctl calls. If these drivers were loaded, a local\nattacker could exploit this to read arbitrary kernel memory, leading\nto a loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTimo Warns discovered that the GUID partition parsing routines did\nnot correctly validate certain structures. A local attacker with\nphysical access could plug in a specially crafted block device to\ncrash the system, leading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not\ncorrectly handle large queues. On some systems, a remote attacker\ncould send specially crafted traffic to crash the system, leading to\na denial of service. (CVE-2011-1581)\n\nTavis Ormandy discovered that the pidmap function did not correctly\nhandle large requests. A local attacker could exploit this to crash\nthe system, leading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver\ndid not correctly validate certain socket structures. If this driver\nwas loaded, a local attacker could crash the system, leading to a\ndenial of service. (CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain\nioctl values. A local attacker with access to the video subsystem\ncould exploit this to crash the system, leading to a denial of\nservice, or possibly gain root privileges. (CVE-2011-1745,\nCVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size\nof certain memory allocations. A local attacker with access to the\nvideo subsystem could exploit this to run the system out of memory,\nleading to a denial of service. (CVE-2011-1746)\n\nDan Rosenberg discovered that the DCCP stack did not correctly handle\ncertain packet structures. A remote attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-1770)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O.\nA local attacker with access to a CIFS partition could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-1771)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats listeners were not\ncorrectly handled. A local attacker could expoit this to exhaust\nmemory and CPU resources, leading to a denial of service.\n(CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly\ninitialize structures. A local attacker could exploit this to read\nportions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing\nroot inodes. A local attacker could trigger the mount of a specially\ncrafted filesystem to cause the system to crash, leading to a denial\nof service. (CVE-2011-2493)\n\nIt was discovered that GFS2 did not correctly check block sizes. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service. (CVE-2011-2689)\n\nFernando Gont discovered that the IPv6 stack used predictable\nfragment identification numbers. A remote attacker could exploit this\nto exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nThe performance counter subsystem did not correctly handle certain\ncounters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2918)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1212-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/21\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2011/09/22\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-1209-omap4\", pkgver:\"2.6.38-1209.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T14:55:32", "description": "The SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up update to fix lots of moderate security issues and several bugs.\n\nThe Following security issues have been fixed :\n\nCVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.\n\nCVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password.\n\nCVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.\n\nCVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.\n\nCVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.\n\nCVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.\n\nCVE-2013-0160: The Linux kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.\n\nCVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.\n\nCVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.\n\nCVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application.\n\nCVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.\n\nCVE-2012-6546: The ATM implementation in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.\n\nCVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.\n\nCVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel memory via a crafted application.\n\nCVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel had an incorrect return value in certain circumstances, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.\n\nCVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.\n\nCVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.\n\nCVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.\n\nCVE-2011-2492: The bluetooth subsystem in the Linux kernel did not properly initialize certain data structures, which allowed local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n\nCVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.\n\nCVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.\n\nCVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.\n\nCVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.\n\nCVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.\n\nCVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel on unspecified architectures lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.\n\nCVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.\n\nCVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.\n\nCVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.\n\nCVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and 'updating a negative key into a fully instantiated key.'\n\nCVE-2012-2136: The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.\n\nCVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allowed remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.\n\nCVE-2011-2928: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.\n\nCVE-2011-4077: Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel, when CONFIG_XFS_DEBUG is disabled, allowed local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.\n\nCVE-2011-4324: The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem.\n\nCVE-2011-4330: Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel allowed local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.\n\nCVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.\n\nCVE-2011-2525: The qdisc_notify function in net/sched/sch_api.c in the Linux kernel did not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.\n\nCVE-2011-2699: The IPv6 implementation in the Linux kernel did not generate Fragment Identification values separately for each destination, which made it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.\n\nCVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.\n\nCVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.\n\nCVE-2011-3209: The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel on the x86 platform allowed local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.\n\nCVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating 0 character.\n\nCVE-2011-2699: The IPv6 implementation in the Linux kernel did not generate Fragment Identification values separately for each destination, which made it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.\n\nCVE-2011-2203: The hfs_find_init function in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.\n\nCVE-2009-4067: A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash.\n\nCVE-2011-3363: The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel did not properly handle DFS referrals, which allowed remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.\n\nCVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.\n\nCVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an 'invalid log first block value.'\n\nCVE-2010-4249: The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.\n\nThe following bugs have been fixed :\n\npatches.fixes/allow-executables-larger-than-2GB.patch: Allow executables larger than 2GB (bnc#836856).\n\ncio: prevent kernel panic after unexpected I/O interrupt (bnc#649868,LTC#67975).\n\n - cio: Add timeouts for internal IO (bnc#701550,LTC#72691). kernel: first time swap use results in heavy swapping (bnc#701550,LTC#73132).\n\n qla2xxx: Do not be so verbose on underrun detected\n\n patches.arch/i386-run-tsc-calibration-5-times.patch: Fix the patch, the logic was wrong (bnc#537165, bnc#826551).\n\n xfs: Do not reclaim new inodes in xfs_sync_inodes() (bnc#770980 bnc#811752).\n\n kbuild: Fix gcc -x syntax (bnc#773831).\n\n e1000e: stop cleaning when we reach tx_ring->next_to_use (bnc#762825).\n\n Fix race condition about network device name allocation (bnc#747576).\n\n kdump: bootmem map over crash reserved region (bnc#749168, bnc#722400, bnc#742881).\n\n tcp: fix race condition leading to premature termination of sockets in FIN_WAIT2 state and connection being reset (bnc#745760)\n\n tcp: drop SYN+FIN messages (bnc#765102).\n\n net/linkwatch: Handle jiffies wrap-around (bnc#740131).\n\n patches.fixes/vm-dirty-bytes: Provide /proc/sys/vm/dirty_{background_,}bytes for tuning (bnc#727597).\n\n ipmi: Fix deadlock in start_next_msg() (bnc#730749).\n\n cpu-hotplug: release workqueue_mutex properly on CPU hot-remove (bnc#733407).\n\n libiscsi: handle init task failures (bnc#721351).\n\n NFS/sunrpc: do not use a credential with extra groups (bnc#725878).\n\n x86_64: fix reboot hang when 'reboot=b' is passed to the kernel (bnc#721267).\n\n nf_nat: do not add NAT extension for confirmed conntracks (bnc#709213).\n\n xfs: fix memory reclaim recursion deadlock on locked inode buffer (bnc#699355 bnc#699354 bnc#721830).\n\n ipmi: do not grab locks in run-to-completion mode (bnc#717421).\n\n cciss: do not attempt to read from a write-only register (bnc#683101).\n\n qla2xxx: Disable MSI-X initialization (bnc#693513).\n\n Allow balance_dirty_pages to help other filesystems (bnc#709369).\n\n - nfs: fix congestion control (bnc#709369).\n\n - NFS: Separate metadata and page cache revalidation mechanisms (bnc#709369). knfsd: nfsd4: fix laundromat shutdown race (bnc#752556).\n\n x87: Do not synchronize TSCs across cores if they already should be synchronized by HW (bnc#615418 bnc#609220).\n\n reiserfs: Fix int overflow while calculating free space (bnc#795075).\n\n af_unix: limit recursion level (bnc#656153).\n\n bcm43xx: netlink deadlock fix (bnc#850241).\n\n jbd: Issue cache flush after checkpointing (bnc#731770).\n\n cfq: Fix infinite loop in cfq_preempt_queue() (bnc#724692).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4020", "CVE-2009-4067", "CVE-2010-3880", "CVE-2010-4249", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2494", "CVE-2011-2525", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-2928", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-4077", "CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4330", "CVE-2012-2136", "CVE-2012-3510", "CVE-2012-4444", "CVE-2012-4530", "CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2012-6541", "CVE-2012-6542", "CVE-2012-6544", "CVE-2012-6545", "CVE-2012-6546", "CVE-2012-6547", "CVE-2012-6549", "CVE-2013-0160", "CVE-2013-0268", "CVE-2013-0871", "CVE-2013-0914", "CVE-2013-1827", "CVE-2013-1928", "CVE-2013-2141", "CVE-2013-2147", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3234", "CVE-2013-3235"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-debug", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-kdump", "p-cpe:/a:novell:suse_linux:kernel-kdumppae", "p-cpe:/a:novell:suse_linux:kernel-smp", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vmi", "p-cpe:/a:novell:suse_linux:kernel-vmipae", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xenpae", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2013-1832-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2013:1832-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83603);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-4020\", \"CVE-2009-4067\", \"CVE-2010-3880\", \"CVE-2010-4249\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2494\", \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2928\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-4077\", \"CVE-2011-4110\", \"CVE-2011-4132\", \"CVE-2011-4324\", \"CVE-2011-4330\", \"CVE-2012-2136\", \"CVE-2012-3510\", \"CVE-2012-4444\", \"CVE-2012-4530\", \"CVE-2012-6537\", \"CVE-2012-6539\", \"CVE-2012-6540\", \"CVE-2012-6541\", \"CVE-2012-6542\", \"CVE-2012-6544\", \"CVE-2012-6545\", \"CVE-2012-6546\", \"CVE-2012-6547\", \"CVE-2012-6549\", \"CVE-2013-0160\", \"CVE-2013-0268\", \"CVE-2013-0871\", \"CVE-2013-0914\", \"CVE-2013-1827\", \"CVE-2013-1928\", \"CVE-2013-2141\", \"CVE-2013-2147\", \"CVE-2013-2164\", \"CVE-2013-2206\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-2237\", \"CVE-2013-3222\", \"CVE-2013-3223\", \"CVE-2013-3224\", \"CVE-2013-3228\", \"CVE-2013-3229\", \"CVE-2013-3231\", \"CVE-2013-3232\", \"CVE-2013-3234\", \"CVE-2013-3235\");\n script_bugtraq_id(44665, 45037, 46919, 46921, 48236, 48333, 48383, 48441, 48641, 48687, 48802, 49256, 49626, 50311, 50314, 50370, 50663, 50750, 50755, 50798, 53721, 55144, 55878, 56891, 57176, 57838, 57986, 58383, 58409, 58426, 58906, 58977, 58985, 58986, 58987, 58989, 58990, 58991, 58992, 58993, 58996, 59377, 59380, 59381, 59383, 59389, 59390, 59393, 59394, 59397, 60254, 60280, 60375, 60715, 60874, 60893, 60953);\n\n script_name(english:\"SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up\nupdate to fix lots of moderate security issues and several bugs.\n\nThe Following security issues have been fixed :\n\nCVE-2012-4530: The load_script function in fs/binfmt_script.c in the\nLinux kernel did not properly handle recursion, which allowed local\nusers to obtain sensitive information from kernel stack memory via a\ncrafted application.\n\nCVE-2011-2494: kernel/taskstats.c in the Linux kernel\nallowed local users to obtain sensitive I/O statistics by\nsending taskstats commands to a netlink socket, as\ndemonstrated by discovering the length of another users\npassword.\n\nCVE-2013-2234: The (1) key_notify_sa_flush and (2)\nkey_notify_policy_flush functions in net/key/af_key.c in the\nLinux kernel did not initialize certain structure members,\nwhich allowed local users to obtain sensitive information\nfrom kernel heap memory by reading a broadcast message from\nthe notify interface of an IPSec key_socket.\n\nCVE-2013-2237: The key_notify_policy_flush function in\nnet/key/af_key.c in the Linux kernel did not initialize a\ncertain structure member, which allowed local users to\nobtain sensitive information from kernel heap memory by\nreading a broadcast message from the notify_policy interface\nof an IPSec key_socket.\n\nCVE-2013-2147: The HP Smart Array controller disk-array\ndriver and Compaq SMART2 controller disk-array driver in the\nLinux kernel did not initialize certain data structures,\nwhich allowed local users to obtain sensitive information\nfrom kernel memory via (1) a crafted IDAGETPCIINFO command\nfor a /dev/ida device, related to the ida_locked_ioctl\nfunction in drivers/block/cpqarray.c or (2) a crafted\nCCISS_PASSTHRU32 command for a /dev/cciss device, related to\nthe cciss_ioctl32_passthru function in\ndrivers/block/cciss.c.\n\nCVE-2013-2141: The do_tkill function in kernel/signal.c in\nthe Linux kernel did not initialize a certain data\nstructure, which allowed local users to obtain sensitive\ninformation from kernel memory via a crafted application\nthat makes a (1) tkill or (2) tgkill system call.\n\nCVE-2013-0160: The Linux kernel allowed local users to\nobtain sensitive information about keystroke timing by using\nthe inotify API on the /dev/ptmx device.\n\nCVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did\nnot initialize certain structures, which allowed local users\nto obtain sensitive information from kernel memory by\nleveraging the CAP_NET_ADMIN capability.\n\nCVE-2013-3222: The vcc_recvmsg function in net/atm/common.c\nin the Linux kernel did not initialize a certain length\nvariable, which allowed local users to obtain sensitive\ninformation from kernel stack memory via a crafted recvmsg\nor recvfrom system call.\n\nCVE-2013-3223: The ax25_recvmsg function in\nnet/ax25/af_ax25.c in the Linux kernel did not initialize a\ncertain data structure, which allowed local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call.\n\nCVE-2013-3224: The bt_sock_recvmsg function in\nnet/bluetooth/af_bluetooth.c in the Linux kernel did not\nproperly initialize a certain length variable, which allowed\nlocal users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3228: The irda_recvmsg_dgram function in\nnet/irda/af_irda.c in the Linux kernel did not initialize a\ncertain length variable, which allowed local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call.\n\nCVE-2013-3229: The iucv_sock_recvmsg function in\nnet/iucv/af_iucv.c in the Linux kernel did not initialize a\ncertain length variable, which allowed local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call.\n\nCVE-2013-3231: The llc_ui_recvmsg function in\nnet/llc/af_llc.c in the Linux kernel did not initialize a\ncertain length variable, which allowed local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call.\n\nCVE-2013-3232: The nr_recvmsg function in\nnet/netrom/af_netrom.c in the Linux kernel did not\ninitialize a certain data structure, which allowed local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n\nCVE-2013-3234: The rose_recvmsg function in\nnet/rose/af_rose.c in the Linux kernel did not initialize a\ncertain data structure, which allowed local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call.\n\nCVE-2013-3235: net/tipc/socket.c in the Linux kernel did not\ninitialize a certain data structure and a certain length\nvariable, which allowed local users to obtain sensitive\ninformation from kernel stack memory via a crafted recvmsg\nor recvfrom system call.\n\nCVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed\nlocal users to gain privileges or cause a denial of service\n(NULL pointer dereference and system crash) by leveraging\nthe CAP_NET_ADMIN capability for a certain (1) sender or (2)\nreceiver getsockopt call.\n\nCVE-2012-6549: The isofs_export_encode_fh function in\nfs/isofs/export.c in the Linux kernel did not initialize a\ncertain structure member, which allowed local users to\nobtain sensitive information from kernel heap memory via a\ncrafted application.\n\nCVE-2012-6547: The __tun_chr_ioctl function in\ndrivers/net/tun.c in the Linux kernel did not initialize a\ncertain structure, which allowed local users to obtain\nsensitive information from kernel stack memory via a crafted\napplication.\n\nCVE-2012-6546: The ATM implementation in the Linux kernel\ndid not initialize certain structures, which allowed local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted application.\n\nCVE-2012-6544: The Bluetooth protocol stack in the Linux\nkernel did not properly initialize certain structures, which\nallowed local users to obtain sensitive information from\nkernel stack memory via a crafted application that targets\nthe (1) L2CAP or (2) HCI implementation.\n\nCVE-2012-6545: The Bluetooth RFCOMM implementation in the\nLinux kernel did not properly initialize certain structures,\nwhich allowed local users to obtain sensitive information\nfrom kernel memory via a crafted application.\n\nCVE-2012-6542: The llc_ui_getname function in\nnet/llc/af_llc.c in the Linux kernel had an incorrect return\nvalue in certain circumstances, which allowed local users to\nobtain sensitive information from kernel stack memory via a\ncrafted application that leverages an uninitialized pointer\nargument.\n\nCVE-2012-6541: The ccid3_hc_tx_getsockopt function in\nnet/dccp/ccids/ccid3.c in the Linux kernel did not\ninitialize a certain structure, which allowed local users to\nobtain sensitive information from kernel stack memory via a\ncrafted application.\n\nCVE-2012-6540: The do_ip_vs_get_ctl function in\nnet/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not\ninitialize a certain structure for IP_VS_SO_GET_TIMEOUT\ncommands, which allowed local users to obtain sensitive\ninformation from kernel stack memory via a crafted\napplication.\n\nCVE-2013-0914: The flush_signal_handlers function in\nkernel/signal.c in the Linux kernel preserved the value of\nthe sa_restorer field across an exec operation, which made\nit easier for local users to bypass the ASLR protection\nmechanism via a crafted application containing a sigaction\nsystem call.\n\nCVE-2011-2492: The bluetooth subsystem in the Linux kernel\ndid not properly initialize certain data structures, which\nallowed local users to obtain potentially sensitive\ninformation from kernel memory via a crafted getsockopt\nsystem call, related to (1) the l2cap_sock_getsockopt_old\nfunction in net/bluetooth/l2cap_sock.c and (2) the\nrfcomm_sock_getsockopt_old function in\nnet/bluetooth/rfcomm/sock.c.\n\nCVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in\nnet/sctp/sm_statefuns.c in the SCTP implementation in the\nLinux kernel did not properly handle associations during the\nprocessing of a duplicate COOKIE ECHO chunk, which allowed\nremote attackers to cause a denial of service (NULL pointer\ndereference and system crash) or possibly have unspecified\nother impact via crafted SCTP traffic.\n\nCVE-2012-6539: The dev_ifconf function in net/socket.c in\nthe Linux kernel did not initialize a certain structure,\nwhich allowed local users to obtain sensitive information\nfrom kernel stack memory via a crafted application.\n\nCVE-2013-2232: The ip6_sk_dst_check function in\nnet/ipv6/ip6_output.c in the Linux kernel allowed local\nusers to cause a denial of service (system crash) by using\nan AF_INET6 socket for a connection to an IPv4 interface.\n\nCVE-2013-2164: The mmc_ioctl_cdrom_read_data function in\ndrivers/cdrom/cdrom.c in the Linux kernel allowed local\nusers to obtain sensitive information from kernel memory via\na read operation on a malfunctioning CD-ROM drive.\n\nCVE-2012-4444: The ip6_frag_queue function in\nnet/ipv6/reassembly.c in the Linux kernel allowed remote\nattackers to bypass intended network restrictions via\noverlapping IPv6 fragments.\n\nCVE-2013-1928: The do_video_set_spu_palette function in\nfs/compat_ioctl.c in the Linux kernel on unspecified\narchitectures lacked a certain error check, which might have\nallowed local users to obtain sensitive information from\nkernel stack memory via a crafted VIDEO_SET_SPU_PALETTE\nioctl call on a /dev/dvb device.\n\nCVE-2013-0871: Race condition in the ptrace functionality in\nthe Linux kernel allowed local users to gain privileges via\na PTRACE_SETREGS ptrace system call in a crafted\napplication, as demonstrated by ptrace_death.\n\nCVE-2013-0268: The msr_open function in\narch/x86/kernel/msr.c in the Linux kernel allowed local\nusers to bypass intended capability restrictions by\nexecuting a crafted application as root, as demonstrated by\nmsr32.c.\n\nCVE-2012-3510: Use-after-free vulnerability in the\nxacct_add_tsk function in kernel/tsacct.c in the Linux\nkernel allowed local users to obtain potentially sensitive\ninformation from kernel memory or cause a denial of service\n(system crash) via a taskstats TASKSTATS_CMD_ATTR_PID\ncommand.\n\nCVE-2011-4110: The user_update function in\nsecurity/keys/user_defined.c in the Linux kernel allowed\nlocal users to cause a denial of service (NULL pointer\ndereference and kernel oops) via vectors related to a\nuser-defined key and 'updating a negative key into a fully\ninstantiated key.'\n\nCVE-2012-2136: The sock_alloc_send_pskb function in\nnet/core/sock.c in the Linux kernel did not properly\nvalidate a certain length value, which allowed local users\nto cause a denial of service (heap-based buffer overflow and\nsystem crash) or possibly gain privileges by leveraging\naccess to a TUN/TAP device.\n\nCVE-2009-4020: Stack-based buffer overflow in the hfs\nsubsystem in the Linux kernel allowed remote attackers to\nhave an unspecified impact via a crafted Hierarchical File\nSystem (HFS) filesystem, related to the hfs_readdir function\nin fs/hfs/dir.c.\n\nCVE-2011-2928: The befs_follow_link function in\nfs/befs/linuxvfs.c in the Linux kernel did not validate the\nlength attribute of long symlinks, which allowed local users\nto cause a denial of service (incorrect pointer dereference\nand OOPS) by accessing a long symlink on a malformed Be\nfilesystem.\n\nCVE-2011-4077: Buffer overflow in the xfs_readlink function\nin fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel, when\nCONFIG_XFS_DEBUG is disabled, allowed local users to cause a\ndenial of service (memory corruption and crash) and possibly\nexecute arbitrary code via an XFS image containing a\nsymbolic link with a long pathname.\n\nCVE-2011-4324: The encode_share_access function in\nfs/nfs/nfs4xdr.c in the Linux kernel allowed local users to\ncause a denial of service (BUG and system crash) by using\nthe mknod system call with a pathname on an NFSv4\nfilesystem.\n\nCVE-2011-4330: Stack-based buffer overflow in the\nhfs_mac2asc function in fs/hfs/trans.c in the Linux kernel\nallowed local users to cause a denial of service (crash) and\npossibly execute arbitrary code via an HFS image with a\ncrafted len field.\n\nCVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the IPv6\nimplementation in the Linux kernel did not place the\nexpected 0 character at the end of string data in the values\nof certain structure members, which allowed local users to\nobtain potentially sensitive information from kernel memory\nby leveraging the CAP_NET_ADMIN capability to issue a\ncrafted request, and then reading the argument to the\nresulting modprobe process.\n\nCVE-2011-2525: The qdisc_notify function in\nnet/sched/sch_api.c in the Linux kernel did not prevent\ntc_fill_qdisc function calls referencing builtin (aka\nCQ_F_BUILTIN) Qdisc structures, which allowed local users to\ncause a denial of service (NULL pointer dereference and\nOOPS) or possibly have unspecified other impact via a\ncrafted call.\n\nCVE-2011-2699: The IPv6 implementation in the Linux kernel\ndid not generate Fragment Identification values separately\nfor each destination, which made it easier for remote\nattackers to cause a denial of service (disrupted\nnetworking) by predicting these values and sending crafted\npackets.\n\nCVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the IPv4\nimplementation in the Linux kernel did not place the\nexpected 0 character at the end of string data in the values\nof certain structure members, which allowed local users to\nobtain potentially sensitive information from kernel memory\nby leveraging the CAP_NET_ADMIN capability to issue a\ncrafted request, and then reading the argument to the\nresulting modprobe process.\n\nCVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the IPv4\nimplementation in the Linux kernel did not place the\nexpected 0 character at the end of string data in the values\nof certain structure members, which allowed local users to\nobtain potentially sensitive information from kernel memory\nby leveraging the CAP_NET_ADMIN capability to issue a\ncrafted request, and then reading the argument to the\nresulting modprobe process.\n\nCVE-2011-3209: The div_long_long_rem implementation in\ninclude/asm-x86/div64.h in the Linux kernel on the x86\nplatform allowed local users to cause a denial of service\n(Divide Error Fault and panic) via a clock_gettime system\ncall.\n\nCVE-2011-2213: The inet_diag_bc_audit function in\nnet/ipv4/inet_diag.c in the Linux kernel did not properly\naudit INET_DIAG bytecode, which allowed local users to cause\na denial of service (kernel infinite loop) via crafted\nINET_DIAG_REQ_BYTECODE instructions in a netlink message, as\ndemonstrated by an INET_DIAG_BC_JMP instruction with a zero\nyes value, a different vulnerability than CVE-2010-3880.\n\nCVE-2011-2534: Buffer overflow in the clusterip_proc_write\nfunction in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\nkernel might have allowed local users to cause a denial of\nservice or have unspecified other impact via a crafted write\noperation, related to string data that lacks a terminating 0\ncharacter.\n\nCVE-2011-2699: The IPv6 implementation in the Linux kernel\ndid not generate Fragment Identification values separately\nfor each destination, which made it easier for remote\nattackers to cause a denial of service (disrupted\nnetworking) by predicting these values and sending crafted\npackets.\n\nCVE-2011-2203: The hfs_find_init function in the Linux\nkernel allowed local users to cause a denial of service\n(NULL pointer dereference and Oops) by mounting an HFS file\nsystem with a malformed MDB extent record.\n\nCVE-2009-4067: A USB string descriptor overflow in the\nauerwald USB driver was fixed, which could be used by\nphysically proximate attackers to cause a kernel crash.\n\nCVE-2011-3363: The setup_cifs_sb function in\nfs/cifs/connect.c in the Linux kernel did not properly\nhandle DFS referrals, which allowed remote CIFS servers to\ncause a denial of service (system crash) by placing a\nreferral at the root of a share.\n\nCVE-2011-2484: The add_del_listener function in\nkernel/taskstats.c in the Linux kernel did not prevent\nmultiple registrations of exit handlers, which allowed local\nusers to cause a denial of service (memory and CPU\nconsumption), and bypass the OOM Killer, via a crafted\napplication.\n\nCVE-2011-4132: The cleanup_journal_tail function in the\nJournaling Block Device (JBD) functionality in the Linux\nkernel allowed local users to cause a denial of service\n(assertion error and kernel oops) via an ext3 or ext4 image\nwith an 'invalid log first block value.'\n\nCVE-2010-4249: The wait_for_unix_gc function in\nnet/unix/garbage.c in the Linux kernel before\n2.6.37-rc3-next-20101125 does not properly select times for\ngarbage collection of inflight sockets, which allows local\nusers to cause a denial of service (system hang) via crafted\nuse of the socketpair and sendmsg system calls for\nSOCK_SEQPACKET sockets.\n\nThe following bugs have been fixed :\n\npatches.fixes/allow-executables-larger-than-2GB.patch: Allow\nexecutables larger than 2GB (bnc#836856).\n\ncio: prevent kernel panic after unexpected I/O interrupt\n(bnc#649868,LTC#67975).\n\n - cio: Add timeouts for internal IO\n (bnc#701550,LTC#72691). kernel: first time swap use\n results in heavy swapping (bnc#701550,LTC#73132).\n\n qla2xxx: Do not be so verbose on underrun detected\n\n patches.arch/i386-run-tsc-calibration-5-times.patch: Fix\n the patch, the logic was wrong (bnc#537165, bnc#826551).\n\n xfs: Do not reclaim new inodes in xfs_sync_inodes()\n (bnc#770980 bnc#811752).\n\n kbuild: Fix gcc -x syntax (bnc#773831).\n\n e1000e: stop cleaning when we reach tx_ring->next_to_use\n (bnc#762825).\n\n Fix race condition about network device name allocation\n (bnc#747576).\n\n kdump: bootmem map over crash reserved region\n (bnc#749168, bnc#722400, bnc#742881).\n\n tcp: fix race condition leading to premature termination\n of sockets in FIN_WAIT2 state and connection being reset\n (bnc#745760)\n\n tcp: drop SYN+FIN messages (bnc#765102).\n\n net/linkwatch: Handle jiffies wrap-around (bnc#740131).\n\n patches.fixes/vm-dirty-bytes: Provide\n /proc/sys/vm/dirty_{background_,}bytes for tuning\n (bnc#727597).\n\n ipmi: Fix deadlock in start_next_msg() (bnc#730749).\n\n cpu-hotplug: release workqueue_mutex properly on CPU\n hot-remove (bnc#733407).\n\n libiscsi: handle init task failures (bnc#721351).\n\n NFS/sunrpc: do not use a credential with extra groups\n (bnc#725878).\n\n x86_64: fix reboot hang when 'reboot=b' is passed to the\n kernel (bnc#721267).\n\n nf_nat: do not add NAT extension for confirmed\n conntracks (bnc#709213).\n\n xfs: fix memory reclaim recursion deadlock on locked\n inode buffer (bnc#699355 bnc#699354 bnc#721830).\n\n ipmi: do not grab locks in run-to-completion mode\n (bnc#717421).\n\n cciss: do not attempt to read from a write-only register\n (bnc#683101).\n\n qla2xxx: Disable MSI-X initialization (bnc#693513).\n\n Allow balance_dirty_pages to help other filesystems\n (bnc#709369).\n\n - nfs: fix congestion control (bnc#709369).\n\n - NFS: Separate metadata and page cache revalidation\n mechanisms (bnc#709369). knfsd: nfsd4: fix laundromat\n shutdown race (bnc#752556).\n\n x87: Do not synchronize TSCs across cores if they\n already should be synchronized by HW (bnc#615418\n bnc#609220).\n\n reiserfs: Fix int overflow while calculating free space\n (bnc#795075).\n\n af_unix: limit recursion level (bnc#656153).\n\n bcm43xx: netlink deadlock fix (bnc#850241).\n\n jbd: Issue cache flush after checkpointing (bnc#731770).\n\n cfq: Fix infinite loop in cfq_preempt_queue()\n (bnc#724692).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=2edd49abdf9ae71916d1b5acb9177a75\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84146da5\"\n );\n # http://download.suse.com/patch/finder/?keywords=ab3d3594ee8b8099b9bc0f2a2095b6b6\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63bff963\"\n );\n # http://download.suse.com/patch/finder/?keywords=ffdbcc106c0e9486ae78943c42345dbd\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c83cccb2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4249.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2203.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2213.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2484.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2492.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2494.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2534.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2699.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2928.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3363.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4324.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4330.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2136.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3510.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4530.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6539.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6540.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6542.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6544.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6545.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6549.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0268.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1827.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1928.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2147.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2206.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3222.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3223.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3224.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3228.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3229.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3231.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3235.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/537165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/609220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/615418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/649868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/656153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/681180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/681181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/681185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/683101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/693513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/699354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/699355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/699709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/700879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/701550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/702014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/702037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/703153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/703156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/706375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/707288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/709213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/709369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/713430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/717421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/718028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/721267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/721351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/721830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/722400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/724692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/725878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/726064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/726600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/727597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/730118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/730749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/731673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/731770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/732613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/733407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/734056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/735612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/740131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/742881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/745760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/747576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/749168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/752556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/760902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/762825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/765102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/765320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/770980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/776888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/786013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/789831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/795075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/797175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/802642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/804154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/808827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/811354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/811752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/815745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/816668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/823260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/823267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/824295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/826102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/826551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/827749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/827750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/828119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/836856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/850241\"\n );\n # https://www.suse.com/support/update/announcement/2013/suse-su-20131832-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9303456\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kdumppae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vmipae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xenpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^3$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-kdumppae-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-vmi-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-vmipae-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xenpae-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"kernel-default-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"kernel-source-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"kernel-syms-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.113.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.113.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:40:20", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 2.2 : kernel (OVMSA-2013-0039)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6304", "CVE-2007-4567", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2908", "CVE-2009-3080", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4067", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4307", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0007", "CVE-2010-0415", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0727", "CVE-2010-1083", "CVE-2010-1084", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1173", "CVE-2010-1188", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2226", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2798", "CVE-2010-2942", "CVE-2010-2963", "CVE-2010-3067", "CVE-2010-3078", "CVE-2010-3086", "CVE-2010-3296", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3477", "CVE-2010-3858", "CVE-2010-3859", "CVE-2010-3876", "CVE-2010-3877", "CVE-2010-4073", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4083", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4242", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4258", "CVE-2010-4346", "CVE-2010-4649", "CVE-2010-4655", "CVE-2011-0521", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1083", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1162", "CVE-2011-1163", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-3637", "CVE-2011-3638", "CVE-2011-4077", "CVE-2011-4086", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4324", "CVE-2011-4330", "CVE-2011-4348", "CVE-2012-1583", "CVE-2012-2136"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel", "p-cpe:/a:oracle:vm:kernel-PAE", "p-cpe:/a:oracle:vm:kernel-PAE-devel", "p-cpe:/a:oracle:vm:kernel-devel", "p-cpe:/a:oracle:vm:kernel-ovs", "p-cpe:/a:oracle:vm:kernel-ovs-devel", "cpe:/o:oracle:vm_server:2.2"], "id": "ORACLEVM_OVMSA-2013-0039.NASL", "href": "https://www.tenable.com/plugins/nessus/79507", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2013-0039.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79507);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-6304\", \"CVE-2007-4567\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2692\", \"CVE-2009-2847\", \"CVE-2009-2848\", \"CVE-2009-2908\", \"CVE-2009-3080\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3612\", \"CVE-2009-3620\", \"CVE-2009-3621\", \"CVE-2009-3726\", \"CVE-2009-4020\", \"CVE-2009-4021\", \"CVE-2009-4067\", \"CVE-2009-4138\", \"CVE-2009-4141\", \"CVE-2009-4307\", \"CVE-2009-4308\", \"CVE-2009-4536\", \"CVE-2009-4537\", \"CVE-2009-4538\", \"CVE-2010-0007\", \"CVE-2010-0415\", \"CVE-2010-0437\", \"CVE-2010-0622\", \"CVE-2010-0727\", \"CVE-2010-1083\", \"CVE-2010-1084\", \"CVE-2010-1086\", \"CVE-2010-1087\", \"CVE-2010-1088\", \"CVE-2010-1173\", \"CVE-2010-1188\", \"CVE-2010-1436\", \"CVE-2010-1437\", \"CVE-2010-1641\", \"CVE-2010-2226\", \"CVE-2010-2240\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2798\", \"CVE-2010-2942\", \"CVE-2010-2963\", \"CVE-2010-3067\", \"CVE-2010-3078\", \"CVE-2010-3086\", \"CVE-2010-3296\", \"CVE-2010-3432\", \"CVE-2010-3442\", \"CVE-2010-3477\", \"CVE-2010-3858\", \"CVE-2010-3859\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-4073\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4158\", \"CVE-2010-4242\", \"CVE-2010-4248\", \"CVE-2010-4249\", \"CVE-2010-4258\", \"CVE-2010-4346\", \"CVE-2010-4649\", \"CVE-2010-4655\", \"CVE-2011-0521\", \"CVE-2011-0726\", \"CVE-2011-1010\", \"CVE-2011-1020\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1083\", \"CVE-2011-1090\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1162\", \"CVE-2011-1163\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1577\", \"CVE-2011-1585\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2022\", \"CVE-2011-2203\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3191\", \"CVE-2011-3637\", \"CVE-2011-3638\", \"CVE-2011-4077\", \"CVE-2011-4086\", \"CVE-2011-4110\", \"CVE-2011-4127\", \"CVE-2011-4324\", \"CVE-2011-4330\", \"CVE-2011-4348\", \"CVE-2012-1583\", \"CVE-2012-2136\");\n script_bugtraq_id(35281, 35647, 35850, 35851, 35930, 36038, 36472, 36639, 36723, 36824, 36827, 36901, 36936, 37068, 37069, 37339, 37519, 37521, 37523, 37762, 37806, 38144, 38165, 38185, 38479, 38898, 39016, 39042, 39044, 39101, 39569, 39715, 39719, 39794, 40356, 40920, 42124, 42242, 42249, 42505, 42529, 43022, 43221, 43353, 43480, 43787, 43809, 44242, 44301, 44354, 44630, 44648, 44754, 44758, 45014, 45028, 45037, 45058, 45063, 45073, 45159, 45323, 45972, 45986, 46073, 46488, 46492, 46567, 46616, 46630, 46766, 46793, 46866, 46878, 47003, 47308, 47321, 47343, 47381, 47534, 47535, 47791, 47796, 47843, 48236, 48333, 48383, 48641, 48687, 49108, 49141, 49295, 49373, 50322, 50370, 50750, 50755, 50764, 50798, 51176, 51361, 51363, 51945, 53139, 53721);\n\n script_name(english:\"OracleVM 2.2 : kernel (OVMSA-2013-0039)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2013-0039 for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2013-May/000153.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-PAE-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-PAE-devel-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-devel-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-ovs-2.6.18-128.2.1.5.10.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"kernel-ovs-devel-2.6.18-128.2.1.5.10.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / kernel-ovs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-27T10:55:05", "description": "Check for the Version of Red Hat Enterprise Linux 5.7 kernel", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "openvas", "title": "RedHat Update for Red Hat Enterprise Linux 5.7 kernel RHSA-2011:1065-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1780", "CVE-2011-2689", "CVE-2011-2525"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870454", "href": "http://plugins.openvas.org/nasl.php?oid=870454", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for Red Hat Enterprise Linux 5.7 kernel RHSA-2011:1065-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A flaw was found in the way the Xen hypervisor implementation handled\n instruction emulation during virtual machine exits. A malicious user-space\n process running in an SMP guest could trick the emulator into reading a\n different instruction than the one that caused the virtual machine to exit.\n An unprivileged guest user could trigger this flaw to crash the host. This\n only affects systems with both an AMD x86 processor and the AMD\n Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n \n * A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\n scheduler API implementation to be called on built-in qdisc structures. A\n local, unprivileged user could use this flaw to trigger a NULL pointer\n dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n \n * A flaw was found in the way space was allocated in the Linux kernel's\n Global File System 2 (GFS2) implementation. If the file system was almost\n full, and a local, unprivileged user made an fallocate() request, it could\n result in a denial of service. Note: Setting quotas to prevent users from\n using all available disk space would prevent exploitation of this flaw.\n (CVE-2011-2689, Moderate)\n \n These updated kernel packages include a number of bug fixes and\n enhancements. Space precludes documenting all of these changes in this\n advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for\n information about the most significant bug fixes and enhancements included\n in this update:\n\n https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n \n \n All Red Hat Enterprise Linux 5 users are advised to install these updated\n packages, which correct these issues. The system must be rebooted for this\n update to take effect.\";\n\ntag_affected = \"Red Hat Enterprise Linux 5.7 kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00025.html\");\n script_id(870454);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1065-01\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_name(\"RedHat Update for Red Hat Enterprise Linux 5.7 kernel RHSA-2011:1065-01\");\n\n script_summary(\"Check for the Version of Red Hat Enterprise Linux 5.7 kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1065 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1780", "CVE-2011-2689", "CVE-2011-2525"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1065 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881313\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:21:19 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1065\");\n script_name(\"CentOS Update for kernel CESA-2011:1065 centos5 x86_64\");\n\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017865.html\");\n script_xref(name:\"URL\", value:\"https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw was found in the way the Xen hypervisor implementation handled\n instruction emulation during virtual machine exits. A malicious user-space\n process running in an SMP guest could trick the emulator into reading a\n different instruction than the one that caused the virtual machine to exit.\n An unprivileged guest user could trigger this flaw to crash the host. This\n only affects systems with both an AMD x86 processor and the AMD\n Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n * A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\n scheduler API implementation to be called on built-in qdisc structures. A\n local, unprivileged user could use this flaw to trigger a NULL pointer\n dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n\n * A flaw was found in the way space was allocated in the Linux kernel's\n Global File System 2 (GFS2) implementation. If the file system was almost\n full, and a local, unprivileged user made an fallocate() request, it could\n result in a denial of service. Note: Setting quotas to prevent users from\n using all available disk space would prevent exploitation of this flaw.\n (CVE-2011-2689, Moderate)\n\n These updated kernel packages include a number of bug fixes and\n enhancements. Space precludes documenting all of these changes in this\n advisory. Refer to the linked Red Hat Enterprise Linux 5.7 Technical Notes for\n information about the most significant bug fixes and enhancements included\n in this update.\n\n All Red Hat Enterprise Linux 5 users are advised to install these updated\n packages, which correct these issues. The system must be rebooted for this\n update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1065 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1780", "CVE-2011-2689", "CVE-2011-2525"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880988", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880988", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1065 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.880988\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1065\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_name(\"CentOS Update for kernel CESA-2011:1065 centos5 i386\");\n\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017864.html\");\n script_xref(name:\"URL\", value:\"https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A flaw was found in the way the Xen hypervisor implementation handled\n instruction emulation during virtual machine exits. A malicious user-space\n process running in an SMP guest could trick the emulator into reading a\n different instruction than the one that caused the virtual machine to exit.\n An unprivileged guest user could trigger this flaw to crash the host. This\n only affects systems with both an AMD x86 processor and the AMD\n Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n * A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\n scheduler API implementation to be called on built-in qdisc structures. A\n local, unprivileged user could use this flaw to trigger a NULL pointer\n dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n\n * A flaw was found in the way space was allocated in the Linux kernel's\n Global File System 2 (GFS2) implementation. If the file system was almost\n full, and a local, unprivileged user made an fallocate() request, it could\n result in a denial of service. Note: Setting quotas to prevent users from\n using all available disk space would prevent exploitation of this flaw.\n (CVE-2011-2689, Moderate)\n\n These updated kernel packages include a number of bug fixes and\n enhancements. Space precludes documenting all of these changes in this\n advisory. Refer to the linked Red Hat Enterprise Linux 5.7 Technical Notes for\n information about the most significant bug fixes and enhancements included\n in this update.\n\n All Red Hat Enterprise Linux 5 users are advised to install these updated\n packages, which correct these issues. The system must be rebooted for this\n update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:20", "description": "Oracle Linux Local Security Checks ELSA-2011-1065", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1065", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1780", "CVE-2011-2689", "CVE-2011-2525"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122122", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122122", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1065.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122122\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:26 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1065\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1065 - Oracle Linux 5.7 kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1065\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1065.html\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.el5~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.el5PAE~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.el5debug~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.el5xen~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:40", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1065 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1780", "CVE-2011-2689", "CVE-2011-2525"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:881313", "href": "http://plugins.openvas.org/nasl.php?oid=881313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1065 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A flaw was found in the way the Xen hypervisor implementation handled\n instruction emulation during virtual machine exits. A malicious user-space\n process running in an SMP guest could trick the emulator into reading a\n different instruction than the one that caused the virtual machine to exit.\n An unprivileged guest user could trigger this flaw to crash the host. This\n only affects systems with both an AMD x86 processor and the AMD\n Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n \n * A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\n scheduler API implementation to be called on built-in qdisc structures. A\n local, unprivileged user could use this flaw to trigger a NULL pointer\n dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n \n * A flaw was found in the way space was allocated in the Linux kernel's\n Global File System 2 (GFS2) implementation. If the file system was almost\n full, and a local, unprivileged user made an fallocate() request, it could\n result in a denial of service. Note: Setting quotas to prevent users from\n using all available disk space would prevent exploitation of this flaw.\n (CVE-2011-2689, Moderate)\n \n These updated kernel packages include a number of bug fixes and\n enhancements. Space precludes documenting all of these changes in this\n advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for\n information about the most significant bug fixes and enhancements included\n in this update:\n \n <a rel= &qt nofollow &qt href= &qt https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Tech &qt >https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Tech</a>\n nical_Notes/kernel.html#RHSA-2011-1065\n \n All Red Hat Enterprise Linux 5 users are advised to install these updated\n packages, which correct these issues. The system must be rebooted for this\n update to take effect.\";\n\ntag_affected = \"kernel on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017865.html\");\n script_id(881313);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:21:19 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1065\");\n script_name(\"CentOS Update for kernel CESA-2011:1065 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:55", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1065 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1780", "CVE-2011-2689", "CVE-2011-2525"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880988", "href": "http://plugins.openvas.org/nasl.php?oid=880988", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1065 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A flaw was found in the way the Xen hypervisor implementation handled\n instruction emulation during virtual machine exits. A malicious user-space\n process running in an SMP guest could trick the emulator into reading a\n different instruction than the one that caused the virtual machine to exit.\n An unprivileged guest user could trigger this flaw to crash the host. This\n only affects systems with both an AMD x86 processor and the AMD\n Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n \n * A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\n scheduler API implementation to be called on built-in qdisc structures. A\n local, unprivileged user could use this flaw to trigger a NULL pointer\n dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n \n * A flaw was found in the way space was allocated in the Linux kernel's\n Global File System 2 (GFS2) implementation. If the file system was almost\n full, and a local, unprivileged user made an fallocate() request, it could\n result in a denial of service. Note: Setting quotas to prevent users from\n using all available disk space would prevent exploitation of this flaw.\n (CVE-2011-2689, Moderate)\n \n These updated kernel packages include a number of bug fixes and\n enhancements. Space precludes documenting all of these changes in this\n advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for\n information about the most significant bug fixes and enhancements included\n in this update:\n https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n \n All Red Hat Enterprise Linux 5 users are advised to install these updated\n packages, which correct these issues. The system must be rebooted for this\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017864.html\");\n script_id(880988);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1065\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_name(\"CentOS Update for kernel CESA-2011:1065 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:11", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-19T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1163-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870470", "href": "http://plugins.openvas.org/nasl.php?oid=870470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1163-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update includes backported fixes for two security issues. These issues\n only affected users of Red Hat Enterprise Linux 5.6 Extended Update\n Support, as they have already been addressed for users of Red Hat\n Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n \n This update fixes the following security issues:\n \n * A flaw was found in the way the Xen hypervisor implementation handled\n instruction emulation during virtual machine exits. A malicious user-space\n process running in an SMP guest could trick the emulator into reading a\n different instruction than the one that caused the virtual machine to exit.\n An unprivileged guest user could trigger this flaw to crash the host. This\n only affects systems with both an AMD x86 processor and the AMD\n Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n \n * A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\n scheduler API implementation to be called on built-in qdisc structures. A\n local, unprivileged user could use this flaw to trigger a NULL pointer\n dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n \n This update also fixes the following bugs:\n \n * A bug was found in the way the x86_emulate() function handled the IMUL\n instruction in the Xen hypervisor. On systems without support for hardware\n assisted paging (HAP), such as those running CPUs that do not have support\n for (or those that have it disabled) Intel Extended Page Tables (EPT) or\n AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug\n could cause fully-virtualized guests to crash or lead to silent memory\n corruption. In reported cases, this issue occurred when booting\n fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups\n enabled. (BZ#712884)\n \n * A bug in the way the ibmvscsi driver handled interrupts may have\n prevented automatic path recovery for multipath devices. This bug only\n affected 64-bit PowerPC systems. (BZ#720929)\n \n * The RHSA-2009:1243 update introduced a regression in the way file locking\n on NFS (Network File System) was handled. This caused applications to hang\n if they made a lock request on a file on an NFS version 2 or 3 file system\n that was mounted with the &quot;sec=krb5&quot; option. With this update, the original\n behavior of using mixed RPC authentication flavors for NFS and locking\n requests has been restored. (BZ#722854)\n \n Users should upgrade to these updated packages, which contain backported\n patches to resolve these issues. The system must be rebooted for this\n update to take effect.\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00012.html\");\n script_id(870470);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_xref(name: \"RHSA\", value: \"2011:1163-01\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\");\n script_name(\"RedHat Update for kernel RHSA-2011:1163-01\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-19T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1163-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870470", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1163-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870470\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_xref(name:\"RHSA\", value:\"2011:1163-01\");\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\");\n script_name(\"RedHat Update for kernel RHSA-2011:1163-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update includes backported fixes for two security issues. These issues\n only affected users of Red Hat Enterprise Linux 5.6 Extended Update\n Support, as they have already been addressed for users of Red Hat\n Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n\n This update fixes the following security issues:\n\n * A flaw was found in the way the Xen hypervisor implementation handled\n instruction emulation during virtual machine exits. A malicious user-space\n process running in an SMP guest could trick the emulator into reading a\n different instruction than the one that caused the virtual machine to exit.\n An unprivileged guest user could trigger this flaw to crash the host. This\n only affects systems with both an AMD x86 processor and the AMD\n Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n * A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\n scheduler API implementation to be called on built-in qdisc structures. A\n local, unprivileged user could use this flaw to trigger a NULL pointer\n dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n\n This update also fixes the following bugs:\n\n * A bug was found in the way the x86_emulate() function handled the IMUL\n instruction in the Xen hypervisor. On systems without support for hardware\n assisted paging (HAP), such as those running CPUs that do not have support\n for (or those that have it disabled) Intel Extended Page Tables (EPT) or\n AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug\n could cause fully-virtualized guests to crash or lead to silent memory\n corruption. In reported cases, this issue occurred when booting\n fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups\n enabled. (BZ#712884)\n\n * A bug in the way the ibmvscsi driver handled interrupts may have\n prevented automatic path recovery for multipath devices. This bug only\n affected 64-bit PowerPC systems. (BZ#720929)\n\n * The RHSA-2009:1243 update introduced a regression in the way file locking\n on NFS (Network File System) was handled. This caused applications to hang\n if they made a lock request on a file on an NFS version 2 or 3 file system\n that was mounted with the 'sec=krb5' option. With this update, the original\n behavior of using mixed RPC authentication flavors for NFS and locking\n requests has been restored. (BZ#722854)\n\n Users should upgrade to these updated packages, which contain backported\n patches to resolve these issues. The system must be rebooted for this\n update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.21.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:37", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1274-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1274-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840816", "href": "http://plugins.openvas.org/nasl.php?oid=840816", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1274_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-mvl-dove USN-1274-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1274-1\";\ntag_affected = \"linux-mvl-dove on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1274-1/\");\n script_id(840816);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:01:58 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1274-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1274-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-420-dove\", ver:\"2.6.32-420.38\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:26:51", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1269-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1269-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840823", "href": "http://plugins.openvas.org/nasl.php?oid=840823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1269_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ec2 USN-1269-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1269-1\";\ntag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1269-1/\");\n script_id(840823);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:55 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1269-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1269-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-340-ec2\", ver:\"2.6.32-340.40\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:51", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1274-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1274-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840816", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1274_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-mvl-dove USN-1274-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1274-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840816\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:01:58 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1274-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1274-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1274-1\");\n script_tag(name:\"affected\", value:\"linux-mvl-dove on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-420-dove\", ver:\"2.6.32-420.38\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:32", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1269-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1269-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1269_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-1269-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1269-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840823\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:55 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1269-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1269-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1269-1\");\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-340-ec2\", ver:\"2.6.32-340.40\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:28", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1211-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1211-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2492", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-2689"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840749", "href": "http://plugins.openvas.org/nasl.php?oid=840749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1211_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1211-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n \n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n It was discovered that Bluetooth l2cap and rfcomm did not correctly\n initialize structures. A local attacker could exploit this to read portions\n of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n \n It was discovered that GFS2 did not correctly check block sizes. A local\n attacker could exploit this to crash the system, leading to a denial of\n service. (CVE-2011-2689)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n The performance counter subsystem did not correctly handle certain\n counters. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-2918)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1211-1\";\ntag_affected = \"linux on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1211-1/\");\n script_id(840749);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1211-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1493\", \"CVE-2011-1833\", \"CVE-2011-2492\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux USN-1211-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-generic\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-generic-pae\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-omap\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc-smp\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc64-smp\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-server\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-versatile\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-virtual\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:31", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1211-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1211-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2492", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-2689"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840749", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1211_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1211-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1211-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840749\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1211-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1493\", \"CVE-2011-1833\", \"CVE-2011-2492\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux USN-1211-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1211-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n It was discovered that Bluetooth l2cap and rfcomm did not correctly\n initialize structures. A local attacker could exploit this to read portions\n of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n\n It was discovered that GFS2 did not correctly check block sizes. A local\n attacker could exploit this to crash the system, leading to a denial of\n service. (CVE-2011-2689)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n The performance counter subsystem did not correctly handle certain\n counters. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-2918)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-generic\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-generic-pae\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-omap\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc-smp\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc64-smp\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-server\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-versatile\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-virtual\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:11", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1268-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1268-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1768", "CVE-2011-2491", "CVE-2011-1767", "CVE-2011-3209", "CVE-2011-2525", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840811", "href": "http://plugins.openvas.org/nasl.php?oid=840811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1268_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1268-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n It was discovered that the GRE protocol incorrectly handled netns\n initialization. A remote attacker could send a packet while the ip_gre\n module was loading, and crash the system, leading to a denial of service.\n (CVE-2011-1767)\n\n It was discovered that the IP/IP protocol incorrectly handled netns\n initialization. A remote attacker could send a packet while the ipip module\n was loading, and crash the system, leading to a denial of service.\n (CVE-2011-1768)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A\n local unprivileged attacker could exploit this causing a denial of service.\n (CVE-2011-3209)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1268-1\";\ntag_affected = \"linux on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1268-1/\");\n script_id(840811);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:00:25 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1268-1\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n script_name(\"Ubuntu Update for linux USN-1268-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-386\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-generic\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-hppa32\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-hppa64\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-itanium\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-lpia\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-lpiacompat\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-mckinley\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-openvz\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc64-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-rt\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-server\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-sparc64\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-sparc64-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-virtual\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-xen\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:33", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1268-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1268-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1768", "CVE-2011-2491", "CVE-2011-1767", "CVE-2011-3209", "CVE-2011-2525", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1268_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1268-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1268-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840811\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:00:25 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1268-1\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n script_name(\"Ubuntu Update for linux USN-1268-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1268-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n It was discovered that the GRE protocol incorrectly handled netns\n initialization. A remote attacker could send a packet while the ip_gre\n module was loading, and crash the system, leading to a denial of service.\n (CVE-2011-1767)\n\n It was discovered that the IP/IP protocol incorrectly handled netns\n initialization. A remote attacker could send a packet while the ipip module\n was loading, and crash the system, leading to a denial of service.\n (CVE-2011-1768)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A\n local unprivileged attacker could exploit this causing a denial of service.\n (CVE-2011-3209)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-386\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-generic\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-hppa32\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-hppa64\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-itanium\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-lpia\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-lpiacompat\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-mckinley\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-openvz\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc64-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-rt\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-server\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-sparc64\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-sparc64-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-virtual\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-xen\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:22", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1286-1", "cvss3": {}, "published": "2011-12-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1286-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840828", "href": "http://plugins.openvas.org/nasl.php?oid=840828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1286_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1286-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1286-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1286-1/\");\n script_id(840828);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-05 12:39:55 +0530 (Mon, 05 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1286-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\",\n \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\",\n \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1286-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-386\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-generic\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-generic-pae\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-ia64\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-lpia\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc64-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-preempt\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-server\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-sparc64\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-sparc64-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-versatile\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-virtual\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:43", "description": "Oracle Linux Local Security Checks ELSA-2011-2037", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-2037", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4110", "CVE-2011-2707", "CVE-2011-2495", "CVE-2011-4330", "CVE-2011-1020", "CVE-2011-3638", "CVE-2011-2525", "CVE-2011-1585", "CVE-2011-1577"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-2037.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122029\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-2037\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-2037\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-2037.html\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1577\", \"CVE-2011-1585\", \"CVE-2011-2495\", \"CVE-2011-2525\", \"CVE-2011-3638\", \"CVE-2011-4110\", \"CVE-2011-4330\", \"CVE-2011-2707\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~300.3.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~300.3.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~300.3.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~300.3.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~300.3.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~300.3.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~300.3.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.3.1.el5uek~1.5.1~4.0.53\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.3.1.el5uekdebug~1.5.1~4.0.53\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~300.3.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~300.3.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~300.3.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~300.3.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~300.3.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~300.3.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~300.3.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.3.1.el6uek~1.5.1~4.0.47\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.3.1.el6uekdebug~1.5.1~4.0.47\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:53", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1286-1", "cvss3": {}, "published": "2011-12-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1286-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-4132", "CVE-2011-4330", "CVE-2011-4077", "CVE-2011-4326", "CVE-2011-4081", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1286_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1286-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1286-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840828\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-05 12:39:55 +0530 (Mon, 05 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1286-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\",\n \"CVE-2011-4077\", \"CVE-2011-4081\", \"CVE-2011-4132\", \"CVE-2011-4326\",\n \"CVE-2011-4330\");\n script_name(\"Ubuntu Update for linux USN-1286-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1286-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n A bug was discovered in the XFS filesystem's handling of pathnames. A local\n attacker could exploit this to crash the system, leading to a denial of\n service, or gain root privileges. (CVE-2011-4077)\n\n Nick Bowler discovered the kernel GHASH message digest algorithm\n incorrectly handled error conditions. A local attacker could exploit this\n to cause a kernel oops. (CVE-2011-4081)\n\n A flaw was found in the Journaling Block Device (JBD). A local attacker\n able to mount ext3 or ext4 file systems could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-4132)\n\n A bug was found in the way headroom check was performed in\n udp6_ufo_fragment() function. A remote attacker could use this flaw to\n crash the system. (CVE-2011-4326)\n\n Clement Lecigne discovered a bug in the HFS file system bounds checking.\n When a malformed HFS file system is mounted a local user could crash the\n system or gain root privileges. (CVE-2011-4330)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-386\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-generic\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-generic-pae\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-ia64\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-lpia\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-powerpc64-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-preempt\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-server\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-sparc64\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-sparc64-smp\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-versatile\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-36-virtual\", ver:\"2.6.32-36.79\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:57:33", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "SuSE Update for kernel openSUSE-SU-2012:0206-1 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-2525"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:850253", "href": "http://plugins.openvas.org/nasl.php?oid=850253", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0206_1.nasl 8313 2018-01-08 07:02:11Z teissa $\n#\n# SuSE Update for kernel openSUSE-SU-2012:0206-1 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openSUSE 11.3 kernel was updated to fix various bugs\n and security issues.\n\n Following security issues have been fixed: CVE-2011-4604:\n If root does read() on a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function\n in the Linux kernels packet scheduler API implementation to\n be called on built-in qdisc structures. A local,\n unprivileged user could have used this flaw to trigger a\n NULL pointer dereference, resulting in a denial of service.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-1576: The Generic Receive Offload (GRO)\n implementation in the Linux kernel allowed remote attackers\n to cause a denial of service via crafted VLAN packets that\n are processed by the napi_reuse_skb function, leading to\n (1) a memory leak or (2) memory corruption, a different\n vulnerability than CVE-2011-1478.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on openSUSE 11.3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850253);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 22:52:42 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\",\n \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\",\n \"CVE-2011-2898\", \"CVE-2011-4081\", \"CVE-2011-4604\", \"CVE-2010-3880\",\n \"CVE-2011-1478\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0206_1\");\n script_name(\"SuSE Update for kernel openSUSE-SU-2012:0206-1 (kernel)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.1_k2.6.34.10_0.6~19.1.37\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.1_k2.6.34.10_0.6~19.1.37\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:41:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2012:0206-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4604", "CVE-2011-2723", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-2699", "CVE-2011-1770", "CVE-2010-3880", "CVE-2011-2203", "CVE-2011-2898", "CVE-2011-2213", "CVE-2011-2534", "CVE-2011-4081", "CVE-2011-2525"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850253", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850253\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 22:52:42 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1770\", \"CVE-2011-2203\", \"CVE-2011-2213\",\n \"CVE-2011-2525\", \"CVE-2011-2534\", \"CVE-2011-2699\", \"CVE-2011-2723\",\n \"CVE-2011-2898\", \"CVE-2011-4081\", \"CVE-2011-4604\", \"CVE-2010-3880\",\n \"CVE-2011-1478\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0206-1\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2012:0206-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.3\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 11.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 11.3 kernel was updated to fix various bugs\n and security issues.\n\n The following security issues have been fixed: CVE-2011-4604:\n If root does read() on a specific socket, it's possible to\n corrupt (kernel) memory over network, with an ICMP packet,\n if the B.A.T.M.A.N. mesh protocol is used.\n\n CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function\n in the Linux kernels packet scheduler API implementation to\n be called on built-in qdisc structures. A local,\n unprivileged user could have used this flaw to trigger a\n NULL pointer dereference, resulting in a denial of service.\n\n CVE-2011-2699: Fernando Gont discovered that the IPv6 stack\n used predictable fragment identification numbers. A remote\n attacker could exploit this to exhaust network resources,\n leading to a denial of service.\n\n CVE-2011-2213: The inet_diag_bc_audit function in\n net/ipv4/inet_diag.c in the Linux kernel did not properly\n audit INET_DIAG bytecode, which allowed local users to\n cause a denial of service (kernel infinite loop) via\n crafted INET_DIAG_REQ_BYTECODE instructions in a netlink\n message, as demonstrated by an INET_DIAG_BC_JMP instruction\n with a zero yes value, a different vulnerability than\n CVE-2010-3880.\n\n CVE-2011-1576: The Generic Receive Offload (GRO)\n implementation in the Linux kernel allowed remote attackers\n to cause a denial of service via crafted VLAN packets that\n are processed by the napi_reuse_skb function, leading to\n (1) a memory leak or (2) memory corruption, a different\n vulnerability than CVE-2011-1478.\n\n CVE-2011-2534: Buffer overflow in the clusterip_proc_write\n function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux\n kernel might have allowed local users to cause a denial of\n service or have unspecified other impact via a crafted\n write operation, related to string data that lacks a\n terminating '\\0' character.\n\n CVE-2011-1770: Integer underflow in the dccp_parse_options\n function (net/dccp/options.c) in the Linux kernel allowed\n remote attackers to cause a denial of service via a\n Datagram Congestion Control Protocol (DCCP) packet with an\n invalid feature options length, which triggered a buffer\n over-read.\n\n CVE-2011-2723: The skb_gro_header_slow function in\n include/linux/netdevice.h in the Linux kernel, when Generic\n Receive Offload (GRO) is enabled, reset certain fields in\n incorrect situations, which allowed remote attackers to\n cause a denial of service (system crash) via crafted\n network traffic.\n\n CVE-2011-2898: A kernel information leak in the AF_PACKET\n protocol was fixed which might have allowed local attackers\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.1_k2.6.34.10_0.6~19.1.37\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.1_k2.6.34.10_0.6~19.1.37\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.34.10~0.6.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1189-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-1593", "CVE-2011-1898", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1182", "CVE-2011-2183"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1189-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00018.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870646\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:39:18 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\",\n \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\",\n \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\",\n \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1189-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:1189-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Security issues:\n\n * Using PCI passthrough without interrupt remapping support allowed KVM\n guests to generate MSI interrupts and thus potentially inject traps. A\n privileged guest user could use this flaw to crash the host or possibly\n escalate their privileges on the host. The fix for this issue can prevent\n PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug\n 715555 for details. (CVE-2011-1898, Important)\n\n * Flaw in the client-side NLM implementation could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n * Integer underflow in the Bluetooth implementation could allow a remote\n attacker to cause a denial of service or escalate their privileges by\n sending a specially-crafted request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n * Buffer overflows in the netlink-based wireless configuration interface\n implementation could allow a local user, who has the CAP_NET_ADMIN\n capability, to cause a denial of service or escalate their privileges on\n systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n * Flaw in the way the maximum file offset was handled for ext4 file systems\n could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2695, Important)\n\n * Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker\n on the local network could use this flaw to send crafted packets to a\n target, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n * Integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n * Race condition in the memory merging support (KSM) could allow a local,\n unprivileged user to cause a denial of service. KSM is off by default, but\n on systems running VDSM, or on KVM hosts, it is likely turned on by the\n ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n * Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2213, Moderate)\n\n * Flaw in the way space was allocated in the Global File System 2 (GFS2)\n implementation. If the file system was almost full, and a local,\n unprivileged user made an fallocate() request, it could result in a denial\n of service. Setting quotas to prevent users from using all available disk\n space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\n * Local, unprivileged users could sen ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:59", "description": "Oracle Linux Local Security Checks ELSA-2011-1189", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1189", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-1593", "CVE-2011-1898", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1182", "CVE-2011-2183"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122103", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1189.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122103\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:08 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1189\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1189 - kernel security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1189\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1189.html\");\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:07:54", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1189-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-1593", "CVE-2011-1898", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1182", "CVE-2011-2183"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:870646", "href": "http://plugins.openvas.org/nasl.php?oid=870646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1189-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues:\n\n * Using PCI passthrough without interrupt remapping support allowed KVM\n guests to generate MSI interrupts and thus potentially inject traps. A\n privileged guest user could use this flaw to crash the host or possibly\n escalate their privileges on the host. The fix for this issue can prevent\n PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug\n 715555 for details. (CVE-2011-1898, Important)\n\n * Flaw in the client-side NLM implementation could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n * Integer underflow in the Bluetooth implementation could allow a remote\n attacker to cause a denial of service or escalate their privileges by\n sending a specially-crafted request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n * Buffer overflows in the netlink-based wireless configuration interface\n implementation could allow a local user, who has the CAP_NET_ADMIN\n capability, to cause a denial of service or escalate their privileges on\n systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n * Flaw in the way the maximum file offset was handled for ext4 file systems\n could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2695, Important)\n\n * Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker\n on the local network could use this flaw to send crafted packets to a\n target, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n * Integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n * Race condition in the memory merging support (KSM) could allow a local,\n unprivileged user to cause a denial of service. KSM is off by default, but\n on systems running VDSM, or on KVM hosts, it is likely turned on by the\n ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n * Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2213, Moderate)\n\n * Flaw in the way space was allocated in the Global File System 2 (GFS2)\n implementation. If the file system was almost full, and a local,\n unprivileged user made an fallocate() request, it could result in a denial\n of service. Setting quotas to prevent users from using all available disk\n space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\n * Local, unprivileged users could sen ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00018.html\");\n script_id(870646);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:39:18 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\",\n \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\",\n \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\",\n \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1189-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:1189-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-19T16:08:49", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0001.", "cvss3": {}, "published": "2012-03-15T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX updates to third party library and ESX Service Console (VMSA-2012-0001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2010-3493", "CVE-2011-1746", "CVE-2011-1678", "CVE-2011-0695", "CVE-2011-1521", "CVE-2011-1078", "CVE-2011-1494", "CVE-2011-2491", "CVE-2010-4649", "CVE-2010-2059", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-1780", "CVE-2011-2495", "CVE-2011-1166", "CVE-2011-0711", "CVE-2011-2901", "CVE-2011-2022", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1495", "CVE-2010-0787", "CVE-2011-1163", "CVE-2011-2519", "CVE-2010-2089", "CVE-2011-1093", "CVE-2011-1593", "CVE-2011-2522", "CVE-2011-1170", "CVE-2011-1936", "CVE-2011-2482", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-1015", "CVE-2011-2689", "CVE-2009-3720", "CVE-2011-3378", "CVE-2010-1634", "CVE-2009-3560", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1763", "CVE-2011-2525", "CVE-2011-1080", "CVE-2011-2694", "CVE-2011-1577", "CVE-2011-2192"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103448\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2010-1634\", \"CVE-2010-2059\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1015\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1521\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1678\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1763\", \"CVE-2011-1776\", \"CVE-2011-1780\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2192\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2522\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2694\", \"CVE-2011-2901\", \"CVE-2011-3378\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX updates to third party library and ESX Service Console (VMSA-2012-0001)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-03-15 14:13:01 +0100 (Thu, 15 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2012-0001.\");\n\n script_tag(name:\"affected\", value:\"ESXi 4.1 without patch ESXi410-201201401-SG\n\n ESXi 5.0 without patch ESXi500-201203101-SG\n\n ESXi 4.0 without patch ESXi400-201203401-SG\n\n ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,\n ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG,\n ESX410-201201407-SG\");\n\n script_tag(name:\"insight\", value:\"VMware ESXi and ESX updates to third party library and ESX Service Console address\n several security issues.\n\n a. ESX third party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5\n to fix multiple security issues in the COS kernel.\n\n b. ESX third party update for Service Console cURL RPM\n\n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.\n\n c. ESX third party update for Service Console nspr and nss RPMs\n\n The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and\n nss-3.12.10-4.el5_7 respectively resolving a security issue.\n\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape\n Portable Runtime (NSPR) and Network Security Services (NSS) contain the\n built-in tokens of this fraudulent Certificate Authority. This update renders\n all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n\n d. ESX third party update for Service Console rpm RPMs\n\n The ESX Service Console Operating System (COS) rpm packages are updated to\n popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2\n and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n\n e. ESX third party update for Service Console samba RPMs\n\n The ESX Service Console Operating System (COS) samba packages are updated to\n samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the\n Samba client.\n\n f. ESX third party update for Service Console python package\n\n The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes\n multiple security issues.\n\n g. ESXi update to third party component python\n\n The python third party library is updated to python 2.5.6 which fixes multiple\n security issues.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201201401-SG\",\n \"4.0.0\", \"ESXi400-201203401-SG\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-0.10.608089\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:29", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0001.\n\nSummary\n\nVMware ESXi and ESX updates to third party library and ESX Service Console address\nseveral security issues.\n\nRelevant releases:\n\nESXi 4.1 without patch ESXi410-201201401-SG\nESXi 5.0 without patch ESXi500-201203101-SG\nESXi 4.0 without patch ESXi400-201203401-SG\n\nESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,\nESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG,\nESX410-201201407-SG.\n \nProblem Description\n\na. ESX third party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5\n to fix multiple security issues in the COS kernel.\n \nb. ESX third party update for Service Console cURL RPM\n\n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.\n\nc. ESX third party update for Service Console nspr and nss RPMs\n\n The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and\n nss-3.12.10-4.el5_7 respectively resolving a security issue.\n\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape\n Portable Runtime (NSPR) and Network Security Services (NSS) contain the\n built-in tokens of this fraudulent Certificate Authority. This update renders\n all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n\nd. ESX third party update for Service Console rpm RPMs\n\n The ESX Service Console Operating System (COS) rpm packages are updated to\n popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2\n and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n\ne. ESX third party update for Service Console samba RPMs\n\n The ESX Service Console Operating System (COS) samba packages are updated to\n samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the\n Samba client.\n\nf. ESX third party update for Service Console python package\n\n The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes\n multiple security issues.\n\ng. ESXi update to third party component python\n\n The python third party library is updated to python 2.5.6 which fixes multiple\n security issues.", "cvss3": {}, "published": "2012-03-15T00:00:00", "type": "openvas", "title": "VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2010-3493", "CVE-2011-1746", "CVE-2011-1678", "CVE-2011-0695", "CVE-2011-1521", "CVE-2011-1078", "CVE-2011-1494", "CVE-2011-2491", "CVE-2010-4649", "CVE-2010-2059", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-1780", "CVE-2011-2495", "CVE-2011-1166", "CVE-2011-0711", "CVE-2011-2901", "CVE-2011-2022", "CVE-2011-1079", "CVE-2011-1044", "CVE-2011-1495", "CVE-2010-0787", "CVE-2011-1163", "CVE-2011-2519", "CVE-2010-2089", "CVE-2011-1093", "CVE-2011-1593", "CVE-2011-2522", "CVE-2011-1170", "CVE-2011-1936", "CVE-2011-2482", "CVE-2011-1172", "CVE-2011-1171", "CVE-2011-2213", "CVE-2011-1015", "CVE-2011-2689", "CVE-2009-3720", "CVE-2011-3378", "CVE-2010-1634", "CVE-2009-3560", "CVE-2011-0726", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1763", "CVE-2011-2525", "CVE-2011-1080", "CVE-2011-2694", "CVE-2011-1577", "CVE-2011-2192"], "modified": "2017-04-19T00:00:00", "id": "OPENVAS:103448", "href": "http://plugins.openvas.org/nasl.php?oid=103448", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2012-0001.nasl 5977 2017-04-19 09:02:22Z teissa $\n#\n# VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2012-0001.\n\nSummary\n\nVMware ESXi and ESX updates to third party library and ESX Service Console address\nseveral security issues.\n\nRelevant releases:\n\nESXi 4.1 without patch ESXi410-201201401-SG\nESXi 5.0 without patch ESXi500-201203101-SG\nESXi 4.0 without patch ESXi400-201203401-SG\n\nESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,\nESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG,\nESX410-201201407-SG.\n \nProblem Description\n\na. ESX third party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5\n to fix multiple security issues in the COS kernel.\n \nb. ESX third party update for Service Console cURL RPM\n\n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.\n\nc. ESX third party update for Service Console nspr and nss RPMs\n\n The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and\n nss-3.12.10-4.el5_7 respectively resolving a security issue.\n\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape\n Portable Runtime (NSPR) and Network Security Services (NSS) contain the\n built-in tokens of this fraudulent Certificate Authority. This update renders\n all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n\nd. ESX third party update for Service Console rpm RPMs\n\n The ESX Service Console Operating System (COS) rpm packages are updated to\n popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2\n and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n\ne. ESX third party update for Service Console samba RPMs\n\n The ESX Service Console Operating System (COS) samba packages are updated to\n samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the\n Samba client.\n\nf. ESX third party update for Service Console python package\n\n The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes\n multiple security issues.\n\ng. ESXi update to third party component python\n\n The python third party library is updated to python 2.5.6 which fixes multiple\n security issues.\";\n\ntag_solution = \"Apply the missing patch(es).\";\n\nif (description)\n{\n script_id(103448);\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2010-1634\", \"CVE-2010-2059\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1015\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1521\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1678\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1763\", \"CVE-2011-1776\", \"CVE-2011-1780\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2192\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2522\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2694\", \"CVE-2011-2901\", \"CVE-2011-3378\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 5977 $\");\n script_name(\"VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console\");\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-19 11:02:22 +0200 (Wed, 19 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-15 14:13:01 +0100 (Thu, 15 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201201401-SG\",\n \"4.0.0\", \"ESXi400-201203401-SG\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-0.10.608089\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n\n\n\n\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1241-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-fsl-imx51 USN-1241-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2928", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2905", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840790", "href": "http://plugins.openvas.org/nasl.php?oid=840790", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1241_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-fsl-imx51 USN-1241-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Stream Control Transmission Protocol (SCTP)\n implementation incorrectly calculated lengths. If the net.sctp.addip_enable\n variable was turned on, a remote attacker could send specially crafted\n traffic to crash the system. (CVE-2011-1573)\n\n Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n \n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n \n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n \n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the curre ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1241-1\";\ntag_affected = \"linux-fsl-imx51 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_id(840790);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1241-1\");\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\",\n \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\",\n \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\",\n \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-fsl-imx51 USN-1241-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-611-imx51\", ver:\"2.6.31-611.29\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:18:33", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1241-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-fsl-imx51 USN-1241-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2928", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2905", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840790", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1241_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-fsl-imx51 USN-1241-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840790\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1241-1\");\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\",\n \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\",\n \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\",\n \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-fsl-imx51 USN-1241-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1241-1\");\n script_tag(name:\"affected\", value:\"linux-fsl-imx51 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Stream Control Transmission Protocol (SCTP)\n implementation incorrectly calculated lengths. If the net.sctp.addip_enable\n variable was turned on, a remote attacker could send specially crafted\n traffic to crash the system. (CVE-2011-1573)\n\n Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the curre ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-611-imx51\", ver:\"2.6.31-611.29\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:16:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1256-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1256-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1768", "CVE-2011-2918", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2493", "CVE-2011-2491", "CVE-2011-1478", "CVE-2011-1776", "CVE-2011-1767", "CVE-2011-2517", "CVE-2011-1771", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2484", "CVE-2011-2909", "CVE-2011-3209", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1581", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-1833", "CVE-2011-2700", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-2479", "CVE-2011-2905", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-1493", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1479", "CVE-2011-2183", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-1080", "CVE-2011-1585", "CVE-2011-1577", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1256_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1256-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1256-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840802\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:55:49 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1256-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\",\n \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\",\n \"CVE-2010-4250\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\",\n \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\",\n \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\",\n \"CVE-2011-1833\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\",\n \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\",\n \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\",\n \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\",\n \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\",\n \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\",\n \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1256-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1256-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-natty on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n\n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n\n Johan Hovold discovered that the DCCP network stack did not correctly\n handle certain packet combinations. A remote attacker could send specially\n crafted network traffic that would crash the system, leading to a denial of\n service. (CVE-2011-1093)\n\n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n\n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n\n Ryan Sweat discovered that the GRO code did not correctly validate memory.\n In some configurations on systems using VLANs, a remote attacker could send\n specially crafted traffic to crash the system, leading to a denial of\n service. (CVE-2011-1478)\n\n It was discovered that the security fix for CVE-2010-4250 introduced a\n regression. A remote attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2011-1479)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n\n It was discovered that the Stream Control Transmission Protocol (SCTP)\n implementation incorrectly calculated length ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic-pae\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-server\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-virtual\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2017-12-04T11:27:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1256-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1256-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1768", "CVE-2011-2918", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2493", "CVE-2011-2491", "CVE-2011-1478", "CVE-2011-1776", "CVE-2011-1767", "CVE-2011-2517", "CVE-2011-1771", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2484", "CVE-2011-2909", "CVE-2011-3209", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1581", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-1833", "CVE-2011-2700", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-2479", "CVE-2011-2905", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-1493", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1479", "CVE-2011-2183", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-1080", "CVE-2011-1585", "CVE-2011-1577", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840802", "href": "http://plugins.openvas.org/nasl.php?oid=840802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1256_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1256-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n\n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n\n Johan Hovold discovered that the DCCP network stack did not correctly\n handle certain packet combinations. A remote attacker could send specially\n crafted network traffic that would crash the system, leading to a denial of\n service. (CVE-2011-1093)\n\n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n\n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n\n Ryan Sweat discovered that the GRO code did not correctly validate memory.\n In some configurations on systems using VLANs, a remote attacker could send\n specially crafted traffic to crash the system, leading to a denial of\n service. (CVE-2011-1478)\n\n It was discovered that the security fix for CVE-2010-4250 introduced a\n regression. A remote attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2011-1479)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n\n It was discovered that the Stream Control Transmission Protocol (SCTP)\n implementation incorrectly calculated length ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1256-1\";\ntag_affected = \"linux-lts-backport-natty on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1256-1/\");\n script_id(840802);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:55:49 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1256-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\",\n \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\",\n \"CVE-2010-4250\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\",\n \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\",\n \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\",\n \"CVE-2011-1833\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\",\n \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\",\n \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\",\n \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\",\n \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\",\n \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\",\n \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1256-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic-pae\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-server\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-virtual\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-07-30T14:10:05", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1212-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1212-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-2918", "CVE-2011-1746", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2493", "CVE-2011-1494", "CVE-2011-1771", "CVE-2011-1598", "CVE-2011-2492", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-0463", "CVE-2011-2484", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1581", "CVE-2011-1770", "CVE-2011-1495", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1493", "CVE-2011-2689", "CVE-2011-2534", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1212_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1212-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1212-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840748\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1212-1\");\n script_cve_id(\"CVE-2011-0463\", \"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1160\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1493\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1770\", \"CVE-2011-1771\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1212-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1212-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss of\n privacy. (CVE-2011-0463)\n\n Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\n\n It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n\n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n\n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n\n Vasiliy Kulikov discovered that the netfilter code did not check certain\n strings copied from userspace. A local attacker with netfilter access could\n exploit this to read kernel memory or crash the system, leading to a denial\n of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\n Vasiliy Kulikov discovered that the Acorn Universal Networking driver did\n not correctly initialize memory. A remote attacker could send specially\n crafted traffic to read kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1173)\n\n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n\n Julien Tinnes discovered that the kernel d ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.15\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2017-12-04T11:27:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1212-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1212-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1017", "CVE-2011-2918", "CVE-2011-1746", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2493", "CVE-2011-1494", "CVE-2011-1771", "CVE-2011-1598", "CVE-2011-2492", "CVE-2011-1173", "CVE-2011-2699", "CVE-2011-0463", "CVE-2011-2484", "CVE-2011-2022", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1581", "CVE-2011-1770", "CVE-2011-1495", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1593", "CVE-2011-1170", "CVE-2011-1172", "CVE-2011-1748", "CVE-2011-1171", "CVE-2011-1493", "CVE-2011-2689", "CVE-2011-2534", "CVE-2011-1745", "CVE-2011-1182", "CVE-2011-1080", "CVE-2011-1577"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840748", "href": "http://plugins.openvas.org/nasl.php?oid=840748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1212_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1212-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\n clear memory when writing certain file holes. A local attacker could\n exploit this to read uninitialized data from the disk, leading to a loss of\n privacy. (CVE-2011-0463)\n\n Timo Warns discovered that the LDM disk partition handling code did not\n correctly handle certain values. By inserting a specially crafted disk\n device, a local attacker could exploit this to gain root privileges.\n (CVE-2011-1017)\n \n It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n \n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n \n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n \n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n \n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n \n Vasiliy Kulikov discovered that the netfilter code did not check certain\n strings copied from userspace. A local attacker with netfilter access could\n exploit this to read kernel memory or crash the system, leading to a denial\n of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n \n Vasiliy Kulikov discovered that the Acorn Universal Networking driver did\n not correctly initialize memory. A remote attacker could send specially\n crafted traffic to read kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1173)\n \n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n \n Julien Tinnes discovered that the kernel d ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1212-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1212-1/\");\n script_id(840748);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1212-1\");\n script_cve_id(\"CVE-2011-0463\", \"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1160\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-2534\", \"CVE-2011-1173\", \"CVE-2011-1180\", \"CVE-2011-1182\", \"CVE-2011-1493\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-1745\", \"CVE-2011-2022\", \"CVE-2011-1746\", \"CVE-2011-1770\", \"CVE-2011-1771\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1212-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.15\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:42:55", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way the Xen hypervisor implementation handled\ninstruction emulation during virtual machine exits. A malicious user-space\nprocess running in an SMP guest could trick the emulator into reading a\ndifferent instruction than the one that caused the virtual machine to exit.\nAn unprivileged guest user could trigger this flaw to crash the host. This\nonly affects systems with both an AMD x86 processor and the AMD\nVirtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\nscheduler API implementation to be called on built-in qdisc structures. A\nlocal, unprivileged user could use this flaw to trigger a NULL pointer\ndereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux kernel's\nGlobal File System 2 (GFS2) implementation. If the file system was almost\nfull, and a local, unprivileged user made an fallocate() request, it could\nresult in a denial of service. Note: Setting quotas to prevent users from\nusing all available disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for\ninformation about the most significant bug fixes and enhancements included\nin this update:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated\npackages, which correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-07-21T00:00:00", "type": "redhat", "title": "(RHSA-2011:1065) Important: Red Hat Enterprise Linux 5.7 kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2017-09-08T08:07:11", "id": "RHSA-2011:1065", "href": "https://access.redhat.com/errata/RHSA-2011:1065", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:46:32", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for two security issues. These issues\nonly affected users of Red Hat Enterprise Linux 5.6 Extended Update\nSupport, as they have already been addressed for users of Red Hat\nEnterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way the Xen hypervisor implementation handled\ninstruction emulation during virtual machine exits. A malicious user-space\nprocess running in an SMP guest could trick the emulator into reading a\ndifferent instruction than the one that caused the virtual machine to exit.\nAn unprivileged guest user could trigger this flaw to crash the host. This\nonly affects systems with both an AMD x86 processor and the AMD\nVirtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\nscheduler API implementation to be called on built-in qdisc structures. A\nlocal, unprivileged user could use this flaw to trigger a NULL pointer\ndereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n\nThis update also fixes the following bugs:\n\n* A bug was found in the way the x86_emulate() function handled the IMUL\ninstruction in the Xen hypervisor. On systems without support for hardware\nassisted paging (HAP), such as those running CPUs that do not have support\nfor (or those that have it disabled) Intel Extended Page Tables (EPT) or\nAMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug\ncould cause fully-virtualized guests to crash or lead to silent memory\ncorruption. In reported cases, this issue occurred when booting\nfully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups\nenabled. (BZ#712884)\n\n* A bug in the way the ibmvscsi driver handled interrupts may have\nprevented automatic path recovery for multipath devices. This bug only\naffected 64-bit PowerPC systems. (BZ#720929)\n\n* The RHSA-2009:1243 update introduced a regression in the way file locking\non NFS (Network File System) was handled. This caused applications to hang\nif they made a lock request on a file on an NFS version 2 or 3 file system\nthat was mounted with the \"sec=krb5\" option. With this update, the original\nbehavior of using mixed RPC authentication flavors for NFS and locking\nrequests has been restored. (BZ#722854)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues. The system must be rebooted for this\nupdate to take effect.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-08-16T00:00:00", "type": "redhat", "title": "(RHSA-2011:1163) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525"], "modified": "2017-09-08T08:06:34", "id": "RHSA-2011:1163", "href": "https://access.redhat.com/errata/RHSA-2011:1163", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:41:03", "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.\nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found that allowed napi_reuse_skb() to be called on VLAN\n(virtual LAN) packets. An attacker on the local network could trigger this\nflaw by sending specially-crafted packets to a target system, possibly\ncausing a denial of service. (CVE-2011-1576)\n\nRed Hat would like to thank Ryan Sweat for reporting CVE-2011-1576.\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for bash issue\nCVE-2008-5374; curl issue CVE-2011-2192; kernel issues CVE-2010-4649,\nCVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573,\nCVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1780,\nCVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-2525,\nand CVE-2011-2689; libvirt issue CVE-2011-2511; and rsync issue\nCVE-2007-6200.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes from the KVM update RHBA-2011:1068 have been included in this update:\n\nhttps://rhn.redhat.com/errata/RHBA-2011-1068.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which resolves this issue and fixes the\nbugs noted in the Technical Notes.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-07-27T00:00:00", "type": "redhat", "title": "(RHSA-2011:1090) Moderate: rhev-hypervisor security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6200", "CVE-2008-5374", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2492", "CVE-2011-2511", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2019-03-22T19:43:59", "id": "RHSA-2011:1090", "href": "https://access.redhat.com/errata/RHSA-2011:1090", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:39:54", "description": "Security issues:\n\n* Using PCI passthrough without interrupt remapping support allowed KVM\nguests to generate MSI interrupts and thus potentially inject traps. A\nprivileged guest user could use this flaw to crash the host or possibly\nescalate their privileges on the host. The fix for this issue can prevent\nPCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug\n715555 for details. (CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Integer underflow in the Bluetooth implementation could allow a remote\nattacker to cause a denial of service or escalate their privileges by\nsending a specially-crafted request to a target system via Bluetooth.\n(CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration interface\nimplementation could allow a local user, who has the CAP_NET_ADMIN\ncapability, to cause a denial of service or escalate their privileges on\nsystems that have an active wireless interface. (CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file systems\ncould allow a local, unprivileged user to cause a denial of service.\n(CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker\non the local network could use this flaw to send crafted packets to a\ntarget, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* Race condition in the memory merging support (KSM) could allow a local,\nunprivileged user to cause a denial of service. KSM is off by default, but\non systems running VDSM, or on KVM hosts, it is likely turned on by the\nksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\ncause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2 (GFS2)\nimplementation. If the file system was almost full, and a local,\nunprivileged user made an fallocate() request, it could result in a denial\nof service. Setting quotas to prevent users from using all available disk\nspace would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo system\ncall, with si_code set to SI_TKILL and with spoofed process and user IDs,\nto other processes. This flaw does not allow existing permission checks to\nbe bypassed; signals can only be sent if your privileges allow you to\nalready do so. (CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation could\nallow a local attacker to cause a denial of service by mounting a disk\ncontaining crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was\nnot initialized properly before being copied to user-space, possibly\nallowing local, unprivileged users to leak kernel stack memory to\nuser-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged user\ncould read these files, belonging to other, possibly privileged processes\nto gather confidential information, such as the length of a password used\nin a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491; Dan\nRosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for\nreporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea\nRighi for reporting CVE-2011-2183; Julien Tinnes of the Google Security\nTeam for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776;\nMarek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy\nKulikov of Openwall for reporting CVE-2011-2495.\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2011-08-23T00:00:00", "type": "redhat", "title": "(RHSA-2011:1189) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2018-06-06T16:24:23", "id": "RHSA-2011:1189", "href": "https://access.redhat.com/errata/RHSA-2011:1189", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-01-01T04:46:57", "description": "**CentOS Errata and Security Advisory** CESA-2011:1065\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way the Xen hypervisor implementation handled\ninstruction emulation during virtual machine exits. A malicious user-space\nprocess running in an SMP guest could trick the emulator into reading a\ndifferent instruction than the one that caused the virtual machine to exit.\nAn unprivileged guest user could trigger this flaw to crash the host. This\nonly affects systems with both an AMD x86 processor and the AMD\nVirtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet\nscheduler API implementation to be called on built-in qdisc structures. A\nlocal, unprivileged user could use this flaw to trigger a NULL pointer\ndereference, resulting in a denial of service. (CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux kernel's\nGlobal File System 2 (GFS2) implementation. If the file system was almost\nfull, and a local, unprivileged user made an fallocate() request, it could\nresult in a denial of service. Note: Setting quotas to prevent users from\nusing all available disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for\ninformation about the most significant bug fixes and enhancements included\nin this update:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated\npackages, which correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-September/067339.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-September/067340.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2011-September/019646.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2011-September/019647.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:1065", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-09-01T16:11:24", "type": "centos", "title": "kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2011-09-22T10:00:51", "id": "CESA-2011:1065", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2011-September/019646.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:22:50", "description": "The instruction emulation in Xen 3.0.3 allows local SMP guest users to\ncause a denial of service (host crash) by replacing the instruction that\ncauses the VM to exit in one thread with a different instruction in a\ndifferent thread.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1780>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | didn't affect upstream xen\n", "cvss3": {}, "published": "2014-01-07T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1780", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780"], "modified": "2014-01-07T00:00:00", "id": "UB:CVE-2011-1780", "href": "https://ubuntu.com/security/CVE-2011-1780", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-04T14:32:59", "description": "The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before\n3.0-rc1 does not ensure that the size of a chunk allocation is a multiple\nof the block size, which allows local users to cause a denial of service\n(BUG and system crash) by arranging for all resource groups to have too\nlittle free space.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/819572>\n", "cvss3": {}, "published": "2011-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2689", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2689"], "modified": "2011-07-28T00:00:00", "id": "UB:CVE-2011-2689", "href": "https://ubuntu.com/security/CVE-2011-2689", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-04T14:32:15", "description": "The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before\n2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin\n(aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a\ndenial of service (NULL pointer dereference and OOPS) or possibly have\nunspecified other impact via a crafted call.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2525>\n * <https://launchpad.net/bugs/869250>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-10-06T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2525", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2525"], "modified": "2011-10-06T00:00:00", "id": "UB:CVE-2011-2525", "href": "https://ubuntu.com/security/CVE-2011-2525", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T11:59:06", "description": "The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.", "cvss3": {}, "published": "2014-01-07T19:55:00", "type": "cve", "title": "CVE-2011-1780", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780"], "modified": "2014-01-08T17:46:00", "cpe": ["cpe:/o:xen:xen:3.0.3"], "id": "CVE-2011-1780", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1780", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:14:21", "description": "The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.", "cvss3": {}, "published": "2011-07-28T22:55:00", "type": "cve", "title": "CVE-2011-2689", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2689"], "modified": "2020-07-31T19:53:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0"], "id": "CVE-2011-2689", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2689", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:11:55", "description": "The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-02-02T04:09:00", "type": "cve", "title": "CVE-2011-2525", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2525"], "modified": "2020-08-04T15:13:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4.0"], "id": "CVE-2011-2525", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2525", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2022-07-27T10:18:14", "description": "kernel is vulnerable to denial of service. A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. \n", "cvss3": {}, "published": "2020-04-10T01:01:50", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780"], "modified": "2022-04-19T18:23:37", "id": "VERACODE:24694", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24694/summary", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-27T10:32:10", "description": "kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note: Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw.\n", "cvss3": {}, "published": "2020-04-10T01:05:39", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2689"], "modified": "2020-04-21T06:27:06", "id": "VERACODE:24797", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24797/summary", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-27T10:11:52", "description": "kernel is vulnerable to denial of service. A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T01:01:52", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2525"], "modified": "2020-04-21T07:18:59", "id": "VERACODE:24695", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24695/summary", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:01:10", "description": "CVE ID: CVE-2011-2689\r\n\r\nLinux Kernel\u662fLinux\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u3002\r\n\r\nLinux Kernel\u5728 &quot;gfs2_fallocate()&quot;\u51fd\u6570\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u6076\u610f\u672c\u5730\u7528\u6237\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n\u6b64\u6f0f\u6d1e\u6e90\u4e8efs/gfs2/file.c\u4e2d\u7684&quot;gfs2_fallocate()&quot;\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u786e\u4fdd\u534f\u8c03\u597d\u4e86\u5df2\u5206\u914d\u7684\u5b57\u8282\uff0c\u53ef\u88ab\u5229\u7528\u9020\u6210&quot;BUG()&quot;\u3002\n\nLinux kernel 2.6.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.kernel.org/", "published": "2011-07-17T00:00:00", "title": "Linux Kernel GFS2 &quot;gfs2_fallocate()&quot; \u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-2689"], "modified": "2011-07-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20738", "id": "SSV:20738", "sourceData": "", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:00:24", "description": "BUGTRAQ ID: 48641\r\nCVE ID: CVE-2011-2525\r\n\r\nLinux Kernel\u662fLinux\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u3002\r\n\r\nLinux Kernel\u5728qdisc_dev()\u5f15\u7528\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u5185\u6838\u5d29\u6e83\u3002\r\n\r\n\u4e0d\u5e94\u4e3a\u5185\u5efaqdisc\u8c03\u7528tc_fill_qdisc()\u6216\u4f7f\u5176\u5f15\u7528\u7a7a\u6307\u9488\u4ee5\u83b7\u53d6\u8bbe\u5907ifindex\u3002\n\nLinux kernel 2.6.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.kernel.org/", "published": "2011-08-18T00:00:00", "title": "Linux Kernel OOPS &quot;qdisc_dev()&quot;\u5f15\u7528\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-2525"], "modified": "2011-08-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20865", "id": "SSV:20865", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "ubuntu": [{"lastseen": "2023-01-26T13:38:00", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * linux \\- Linux kernel\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly \nhandled unlock requests. A local attacker could exploit this to cause a \ndenial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. \nA local attacker could exploit this to crash the system, leading to a \ndenial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID \nlengths. A local attacker could exploit this to cause a denial of service \nor gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being \nincorrectly handled. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-2525)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-12-03T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"], "modified": "2011-12-03T00:00:00", "id": "USN-1286-1", "href": "https://ubuntu.com/security/notices/USN-1286-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:38:05", "description": "## Releases\n\n * Ubuntu 10.10 \n\n## Packages\n\n * linux-mvl-dove \\- Linux kernel for DOVE\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly \nhandled unlock requests. A local attacker could exploit this to cause a \ndenial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. \nA local attacker could exploit this to crash the system, leading to a \ndenial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID \nlengths. A local attacker could exploit this to cause a denial of service \nor gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being \nincorrectly handled. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-2525)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-21T00:00:00", "type": "ubuntu", "title": "Linux kernel (Marvell DOVE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"], "modified": "2011-11-21T00:00:00", "id": "USN-1274-1", "href": "https://ubuntu.com/security/notices/USN-1274-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:38:07", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * linux-ec2 \\- Linux kernel for EC2\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly \nhandled unlock requests. A local attacker could exploit this to cause a \ndenial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. \nA local attacker could exploit this to crash the system, leading to a \ndenial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID \nlengths. A local attacker could exploit this to cause a denial of service \nor gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being \nincorrectly handled. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-2525)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-21T00:00:00", "type": "ubuntu", "title": "Linux kernel (EC2) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517", "CVE-2011-2525"], "modified": "2011-11-21T00:00:00", "id": "USN-1269-1", "href": "https://ubuntu.com/security/notices/USN-1269-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:38:08", "description": "## Releases\n\n * Ubuntu 8.04 \n\n## Packages\n\n * linux \\- Linux kernel\n\nIt was discovered that CIFS incorrectly handled authentication. When a user \nhad a CIFS share mounted that required authentication, a local user could \nmount the same share without knowing the correct password. (CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns \ninitialization. A remote attacker could send a packet while the ip_gre \nmodule was loading, and crash the system, leading to a denial of service. \n(CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns \ninitialization. A remote attacker could send a packet while the ipip module \nwas loading, and crash the system, leading to a denial of service. \n(CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly \nhandled unlock requests. A local attacker could exploit this to cause a \ndenial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. \nA local attacker could exploit this to crash the system, leading to a \ndenial of service. (CVE-2011-2496)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being \nincorrectly handled. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-2525)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A \nlocal unprivileged attacker could exploit this causing a denial of service. \n(CVE-2011-3209)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-21T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3209"], "modified": "2011-11-21T00:00:00", "id": "USN-1268-1", "href": "https://ubuntu.com/security/notices/USN-1268-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:38:27", "description": "## Releases\n\n * Ubuntu 11.04 \n\n## Packages\n\n * linux \\- Linux kernel\n\nIt was discovered that the /proc filesystem did not correctly handle \npermission changes when programs executed. A local attacker could hold open \nfiles to examine details about programs running with higher privileges, \npotentially increasing the chances of exploiting additional \nvulnerabilities. (CVE-2011-1020)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly \nhandle certain fields. If a system was running with Rose enabled, a remote \nattacker could send specially crafted traffic to gain root privileges. \n(CVE-2011-1493)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not \ncorrectly check the origin of mount points. A local attacker could exploit \nthis to trick the system into unmounting arbitrary mount points, leading to \na denial of service. (CVE-2011-1833)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly \ninitialize structures. A local attacker could exploit this to read portions \nof the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice. (CVE-2011-2689)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment \nidentification numbers. A remote attacker could exploit this to exhaust \nnetwork resources, leading to a denial of service. (CVE-2011-2699)\n\nThe performance counter subsystem did not correctly handle certain \ncounters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2011-2918)\n\nA flaw was found in the Linux kernel's /proc/_/_map* interface. A local, \nunprivileged user could exploit this flaw to cause a denial of service. \n(CVE-2011-3637)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. \nA local user or a remote user on an X.25 network could exploit these flaws \nto execute arbitrary code as root. (CVE-2011-4914)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-09-21T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1020", "CVE-2011-1493", "CVE-2011-1833", "CVE-2011-2492", "CVE-2011-2689", "CVE-2011-2699", "CVE-2011-2918", "CVE-2011-3637", "CVE-2011-4914"], "modified": "2011-09-21T00:00:00", "id": "USN-1211-1", "href": "https://ubuntu.com/security/notices/USN-1211-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T13:38:18", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * linux-fsl-imx51 \\- Linux kernel for IMX51\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) \nimplementation incorrectly calculated lengths. If the net.sctp.addip_enable \nvariable was turned on, a remote attacker could send specially crafted \ntraffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN \npackets. On some systems, a remote attacker could send specially crafted \ntraffic to crash the system, leading to a denial of service. \n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly \nparsed. A physically local attacker that could insert mountable devices \ncould exploit this to crash the system or possibly gain root privileges. \n(CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not \ncorrectly validate certain requests. A local attacker could exploit this to \nconsume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access \nrestrictions. A local attacker could exploit this to read certain \ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access \nrestrictions. A local attacker could exploit this to read certain \ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. \nA local attacker could exploit this to crash the system, leading to a \ndenial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled \ncertain L2CAP requests. If a system was using Bluetooth, a remote attacker \ncould send specially crafted traffic to crash the system or gain root \nprivileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID \nlengths. A local attacker could exploit this to cause a denial of service \nor gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being \nincorrectly handled. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one \nflaws. A local attacker could exploit this to crash the system, leading to \na denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled when \nGeneric Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for configuration \nfiles in the current directory. If a privileged user were tricked into \nrunning perf in a directory containing a malicious configuration file, an \nattacker could run arbitrary commands and possibly gain privileges. \n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be \nfilesystems. A local attacker could exploit this with a malformed Be \nfilesystem and crash the system, leading to a denial of service. \n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence \nnumber generation. An attacker could use this flaw to possibly predict \nsequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain \nlarge values. A remote attacker with a malicious server could exploit this \nto crash the system or possibly execute arbitrary code as the root user. \n(CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had \nno prefixpaths. A local attacker with access to a CIFS partition could \nexploit this to crash the system, leading to a denial of service. \n(CVE-2011-3363)\n\nGideon Naim discovered a flaw in the Linux kernel's handling VLAN 0 frames. \nAn attacker on the local network could exploit this flaw to cause a denial \nof service. (CVE-2011-3593)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-10-25T00:00:00", "type": "ubuntu", "title": "Linux kernel (i.MX51) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2695", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3363", "CVE-2011-3593"], "modified": "2011-10-25T00:00:00", "id": "USN-1241-1", "href": "https://ubuntu.com/security/notices/USN-1241-1", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T13:38:14", "description": "## Releases\n\n * Ubuntu 10.04 \n\n## Packages\n\n * linux-lts-backport-natty \\- Linux kernel backport from Natty\n\nIt was discovered that the /proc filesystem did not correctly handle \npermission changes when programs executed. A local attacker could hold open \nfiles to examine details about programs running with higher privileges, \npotentially increasing the chances of exploiting additional \nvulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly \nhandle certain packet combinations. A remote attacker could send specially \ncrafted network traffic that would crash the system, leading to a denial of \nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1478)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a \nregression. A remote attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly \nhandle certain fields. If a system was running with Rose enabled, a remote \nattacker could send specially crafted traffic to gain root privileges. \n(CVE-2011-1493)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) \nimplementation incorrectly calculated lengths. If the net.sctp.addip_enable \nvariable was turned on, a remote attacker could send specially crafted \ntraffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN \npackets. On some systems, a remote attacker could send specially crafted \ntraffic to crash the system, leading to a denial of service. \n(CVE-2011-1576)\n\nTimo Warns discovered that the GUID partition parsing routines did not \ncorrectly validate certain structures. A local attacker with physical \naccess could plug in a specially crafted block device to crash the system, \nleading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not correctly \nhandle large queues. On some systems, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1581)\n\nIt was discovered that CIFS incorrectly handled authentication. When a user \nhad a CIFS share mounted that required authentication, a local user could \nmount the same share without knowing the correct password. (CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns \ninitialization. A remote attacker could send a packet while the ip_gre \nmodule was loading, and crash the system, leading to a denial of service. \n(CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns \ninitialization. A remote attacker could send a packet while the ipip module \nwas loading, and crash the system, leading to a denial of service. \n(CVE-2011-1768)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A \nlocal attacker with access to a CIFS partition could exploit this to crash \nthe system, leading to a denial of service. (CVE-2011-1771)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly \nparsed. A physically local attacker that could insert mountable devices \ncould exploit this to crash the system or possibly gain root privileges. \n(CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not \ncorrectly check the origin of mount points. A local attacker could exploit \nthis to trick the system into unmounting arbitrary mount points, leading to \na denial of service. (CVE-2011-1833)\n\nBen Hutchings reported a flaw in the kernel's handling of corrupt LDM \npartitions. A local user could exploit this to cause a denial of service or \nescalate privileges. (CVE-2011-2182)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not \ncorrectly validate certain requests. A local attacker could exploit this to \nconsume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on \n\"/dev/zero\" was incorrectly handled. A local attacker could exploit this to \ncrash the system, leading to a denial of service. (CVE-2011-2479)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly \nhandled. A local attacker could expoit this to exhaust memory and CPU \nresources, leading to a denial of service. (CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly \ninitialize structures. A local attacker could exploit this to read portions \nof the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root \ninodes. A local attacker could trigger the mount of a specially crafted \nfilesystem to cause the system to crash, leading to a denial of service. \n(CVE-2011-2493)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. \nA local attacker could exploit this to crash the system, leading to a \ndenial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled \ncertain L2CAP requests. If a system was using Bluetooth, a remote attacker \ncould send specially crafted traffic to crash the system or gain root \nprivileges. (CVE-2011-2497)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being \nincorrectly handled. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice. (CVE-2011-2689)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one \nflaws. A local attacker could exploit this to crash the system, leading to \na denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment \nidentification numbers. A remote attacker could exploit this to exhaust \nnetwork resources, leading to a denial of service. (CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not \ncorrectly check the length of memory copies. If this hardware was \navailable, a local attacker could exploit this to crash the system or gain \nroot privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when \nGeneric Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain \ncounters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2011-2918)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be \nfilesystems. A local attacker could exploit this with a malformed Be \nfilesystem and crash the system, leading to a denial of service. \n(CVE-2011-2928)\n\nQianfeng Zhang discovered that the bridge networking interface incorrectly \nhandled certain network packets. A remote attacker could exploit this to \ncrash the system, leading to a denial of service. (CVE-2011-2942)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence \nnumber generation. An attacker could use this flaw to possibly predict \nsequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain \nlarge values. A remote attacker with a malicious server could exploit this \nto crash the system or possibly execute arbitrary code as the root user. \n(CVE-2011-3191)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A \nlocal unprivileged attacker could exploit this causing a denial of service. \n(CVE-2011-3209)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had \nno prefixpaths. A local attacker with access to a CIFS partition could \nexploit this to crash the system, leading to a denial of service. \n(CVE-2011-3363)\n\nA flaw was discovered in the Linux kernel's AppArmor security interface \nwhen invalid information was written to it. An unprivileged local user \ncould use this to cause a denial of service on the system. (CVE-2011-3619)\n\nA flaw was found in the Linux kernel's /proc/_/_map* interface. A local, \nunprivileged user could exploit this flaw to cause a denial of service. \n(CVE-2011-3637)\n\nScot Doyle discovered that the bridge networking interface incorrectly \nhandled certain network packets. A remote attacker could exploit this to \ncrash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way headroom check was performed in \nudp6_ufo_fragment() function. A remote attacker could use this flaw to \ncrash the system. (CVE-2011-4326)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. \nA local user or a remote user on an X.25 network could exploit these flaws \nto execute arbitrary code as root. (CVE-2011-4914)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-11-09T00:00:00", "type": "ubuntu", "title": "Linux kernel (Natty backport) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4250", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2182", "CVE-2011-2213", "CVE-2011-2479", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3619", "CVE-2011-3637", "CVE-2011-4087", "CVE-2011-4326", "CVE-2011-4914"], "modified": "2011-11-09T00:00:00", "id": "USN-1256-1", "href": "https://ubuntu.com/security/notices/USN-1256-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-26T13:38:30", "description": "## Releases\n\n * Ubuntu 11.04 \n\n## Packages\n\n * linux-ti-omap4 \\- Linux kernel for OMAP4\n\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly \nclear memory when writing certain file holes. A local attacker could \nexploit this to read uninitialized data from the disk, leading to a loss of \nprivacy. (CVE-2011-0463)\n\nTimo Warns discovered that the LDM disk partition handling code did not \ncorrectly handle certain values. By inserting a specially crafted disk \ndevice, a local attacker could exploit this to gain root privileges. \n(CVE-2011-1017)\n\nIt was discovered that the /proc filesystem did not correctly handle \npermission changes when programs executed. A local attacker could hold open \nfiles to examine details about programs running with higher privileges, \npotentially increasing the chances of exploiting additional \nvulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear \nmemory. A local attacker could exploit this to read kernel stack memory, \nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check \nthat device name strings were NULL terminated. A local attacker could \nexploit this to crash the system, leading to a denial of service, or leak \ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that \nname fields were NULL terminated. A local attacker could exploit this to \nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nPeter Huewe discovered that the TPM device did not correctly initialize \nmemory. A local attacker could exploit this to read kernel heap memory \ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check \ncertain field sizes. If a system was using IRDA, a remote attacker could \nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nJulien Tinnes discovered that the kernel did not correctly validate the \nsignal structure from tkill(). A local attacker could exploit this to send \nsignals to arbitrary threads, possibly bypassing expected restrictions. \n(CVE-2011-1182)\n\nDan Rosenberg reported errors in the OSS (Open Sound System) MIDI \ninterface. A local attacker on non-x86 systems might be able to cause a \ndenial of service. (CVE-2011-1476)\n\nDan Rosenberg reported errors in the kernel's OSS (Open Sound System) \ndriver for Yamaha FM synthesizer chips. A local user can exploit this to \ncause memory corruption, causing a denial of service or privilege \nescalation. (CVE-2011-1477)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a \nregression. A remote attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly \nhandle certain fields. If a system was running with Rose enabled, a remote \nattacker could send specially crafted traffic to gain root privileges. \n(CVE-2011-1493)\n\nDan Rosenberg discovered that MPT devices did not correctly validate \ncertain values in ioctl calls. If these drivers were loaded, a local \nattacker could exploit this to read arbitrary kernel memory, leading to a \nloss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTimo Warns discovered that the GUID partition parsing routines did not \ncorrectly validate certain structures. A local attacker with physical \naccess could plug in a specially crafted block device to crash the system, \nleading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not correctly \nhandle large queues. On some systems, a remote attacker could send \nspecially crafted traffic to crash the system, leading to a denial of \nservice. (CVE-2011-1581)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle \nlarge requests. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did \nnot correctly validate certain socket structures. If this driver was \nloaded, a local attacker could crash the system, leading to a denial of \nservice. (CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl \nvalues. A local attacker with access to the video subsystem could exploit \nthis to crash the system, leading to a denial of service, or possibly gain \nroot privileges. (CVE-2011-1745, CVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size of \ncertain memory allocations. A local attacker with access to the video \nsubsystem could exploit this to run the system out of memory, leading to a \ndenial of service. (CVE-2011-1746)\n\nDan Rosenberg discovered that the DCCP stack did not correctly handle \ncertain packet structures. A remote attacker could exploit this to crash \nthe system, leading to a denial of service. (CVE-2011-1770)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A \nlocal attacker with access to a CIFS partition could exploit this to crash \nthe system, leading to a denial of service. (CVE-2011-1771)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not \ncorrectly check the origin of mount points. A local attacker could exploit \nthis to trick the system into unmounting arbitrary mount points, leading to \na denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly \nhandled. A local attacker could expoit this to exhaust memory and CPU \nresources, leading to a denial of service. (CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly \ninitialize structures. A local attacker could exploit this to read portions \nof the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root \ninodes. A local attacker could trigger the mount of a specially crafted \nfilesystem to cause the system to crash, leading to a denial of service. \n(CVE-2011-2493)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local \nattacker could exploit this to crash the system, leading to a denial of \nservice. (CVE-2011-2689)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment \nidentification numbers. A remote attacker could exploit this to exhaust \nnetwork resources, leading to a denial of service. (CVE-2011-2699)\n\nThe performance counter subsystem did not correctly handle certain \ncounters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2011-2918)\n\nA flaw was found in the b43 driver in the Linux kernel. An attacker could \nuse this flaw to cause a denial of service if the system has an active \nwireless interface using the b43 driver. (CVE-2011-3359)\n\nA flaw was found in the Linux kernel's /proc/_/_map* interface. A local, \nunprivileged user could exploit this flaw to cause a denial of service. \n(CVE-2011-3637)\n\nIt was discovered that some import kernel threads can be blocked by a user \nlevel process. An unprivileged local user could exploit this flaw to cause \na denial of service. (CVE-2011-4621)\n\nDan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by \namateur radio. A local user or a remote user on an X.25 network could \nexploit these flaws to execute arbitrary code as root. (CVE-2011-4913)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. \nA local user or a remote user on an X.25 network could exploit these flaws \nto execute arbitrary code as root. (CVE-2011-4914)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-09-21T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4250", "CVE-2011-0463", "CVE-2011-1017", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1160", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1173", "CVE-2011-1180", "CVE-2011-1182", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1748", "CVE-2011-1770", "CVE-2011-1771", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2534", "CVE-2011-2689", "CVE-2011-2699", "CVE-2011-2918", "CVE-2011-3359", "CVE-2011-3637", "CVE-2011-4621", "CVE-2011-4913", "CVE-2011-4914"], "modified": "2011-09-21T00:00:00", "id": "USN-1212-1", "href": "https://ubuntu.com/security/notices/USN-1212-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "description": "==========================================================================\r\nUbuntu Security Notice USN-1211-1\r\nSeptember 21, 2011\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n\r\nSummary:\r\n\r\nMultiple kernel flaws have been fixed.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nIt was discovered that the /proc filesystem did not correctly handle\r\npermission changes when programs executed. A local attacker could hold open\r\nfiles to examine details about programs running with higher privileges,\r\npotentially increasing the chances of exploiting additional\r\nvulnerabilities. &#40;CVE-2011-1020&#41;\r\n\r\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly\r\nhandle certain fields. If a system was running with Rose enabled, a remote\r\nattacker could send specially crafted traffic to gain root privileges.\r\n&#40;CVE-2011-1493&#41;\r\n\r\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\r\ncorrectly check the origin of mount points. A local attacker could exploit\r\nthis to trick the system into unmounting arbitrary mount points, leading to\r\na denial of service. &#40;CVE-2011-1833&#41;\r\n\r\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly\r\ninitialize structures. A local attacker could exploit this to read portions\r\nof the kernel stack, leading to a loss of privacy. &#40;CVE-2011-2492&#41;\r\n\r\nIt was discovered that GFS2 did not correctly check block sizes. A local\r\nattacker could exploit this to crash the system, leading to a denial of\r\nservice. &#40;CVE-2011-2689&#41;\r\n\r\nFernando Gont discovered that the IPv6 stack used predictable fragment\r\nidentification numbers. A remote attacker could exploit this to exhaust\r\nnetwork resources, leading to a denial of service. &#40;CVE-2011-2699&#41;\r\n\r\nThe performance counter subsystem did not correctly handle certain\r\ncounters. A local attacker could exploit this to crash the system, leading\r\nto a denial of service. &#40;CVE-2011-2918&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n linux-image-2.6.38-11-generic 2.6.38-11.50\r\n linux-image-2.6.38-11-generic-pae 2.6.38-11.50\r\n linux-image-2.6.38-11-omap 2.6.38-11.50\r\n linux-image-2.6.38-11-powerpc 2.6.38-11.50\r\n linux-image-2.6.38-11-powerpc-smp 2.6.38-11.50\r\n linux-image-2.6.38-11-powerpc64-smp 2.6.38-11.50\r\n linux-image-2.6.38-11-server 2.6.38-11.50\r\n linux-image-2.6.38-11-versatile 2.6.38-11.50\r\n linux-image-2.6.38-11-virtual 2.6.38-11.50\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:sup\r\n http://www.ubuntu.com/usn/usn-1211-1\r\n CVE-2011-1020, CVE-2011-1493, CVE-2011-1833, CVE-2011-2492,\r\n CVE-2011-2689, CVE-2011-2699, CVE-2011-2918\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.38-11.50\r\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2011-09-26T00:00:00", "title": "[USN-1211-1] Linux kernel vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2918", "CVE-2011-2492", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-2689"], "modified": "2011-09-26T00:00:00", "id": "SECURITYVULNS:DOC:27054", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27054", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "==========================================================================\r\nUbuntu Security Notice USN-1268-1\r\nNovember 21, 2011\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nIt was discovered that CIFS incorrectly handled authentication. When a user\r\nhad a CIFS share mounted that required authentication, a local user could\r\nmount the same share without knowing the correct password. &#40;CVE-2011-1585&#41;\r\n\r\nIt was discovered that the GRE protocol incorrectly handled netns\r\ninitialization. A remote attacker could send a packet while the ip_gre\r\nmodule was loading, and crash the system, leading to a denial of service.\r\n&#40;CVE-2011-1767&#41;\r\n\r\nIt was discovered that the IP/IP protocol incorrectly handled netns\r\ninitialization. A remote attacker could send a packet while the ipip module\r\nwas loading, and crash the system, leading to a denial of service.\r\n&#40;CVE-2011-1768&#41;\r\n\r\nVasily Averin discovered that the NFS Lock Manager &#40;NLM&#41; incorrectly\r\nhandled unlock requests. A local attacker could exploit this to cause a\r\ndenial of service. &#40;CVE-2011-2491&#41;\r\n\r\nRobert Swiecki discovered that mapping extensions were incorrectly handled.\r\nA local attacker could exploit this to crash the system, leading to a\r\ndenial of service. &#40;CVE-2011-2496&#41;\r\n\r\nBen Pfaff discovered that Classless Queuing Disciplines &#40;qdiscs&#41; were being\r\nincorrectly handled. A local attacker could exploit this to crash the\r\nsystem, leading to a denial of service. &#40;CVE-2011-2525&#41;\r\n\r\nYasuaki Ishimatsu discovered a flaw in the kernel&#39;s clock implementation. A\r\nlocal unprivileged attacker could exploit this causing a denial of service.\r\n&#40;CVE-2011-3209&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 8.04 LTS:\r\n linux-image-2.6.24-30-386 2.6.24-30.96\r\n linux-image-2.6.24-30-generic 2.6.24-30.96\r\n linux-image-2.6.24-30-hppa32 2.6.24-30.96\r\n linux-image-2.6.24-30-hppa64 2.6.24-30.96\r\n linux-image-2.6.24-30-itanium 2.6.24-30.96\r\n linux-image-2.6.24-30-lpia 2.6.24-30.96\r\n linux-image-2.6.24-30-lpiacompat 2.6.24-30.96\r\n linux-image-2.6.24-30-mckinley 2.6.24-30.96\r\n linux-image-2.6.24-30-openvz 2.6.24-30.96\r\n linux-image-2.6.24-30-powerpc 2.6.24-30.96\r\n linux-image-2.6.24-30-powerpc-smp 2.6.24-30.96\r\n linux-image-2.6.24-30-powerpc64-smp 2.6.24-30.96\r\n linux-image-2.6.24-30-rt 2.6.24-30.96\r\n linux-image-2.6.24-30-server 2.6.24-30.96\r\n linux-image-2.6.24-30-sparc64 2.6.24-30.96\r\n linux-image-2.6.24-30-sparc64-smp 2.6.24-30.96\r\n linux-image-2.6.24-30-virtual 2.6.24-30.96\r\n linux-image-2.6.24-30-xen 2.6.24-30.96\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages &#40;e.g. linux-generic,\r\nlinux-server, linux-powerpc&#41;, a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1268-1\r\n CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-2491,\r\n CVE-2011-2496, CVE-2011-2525, CVE-2011-3209\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.24-30.96\r\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-11-27T00:00:00", "type": "securityvulns", "title": "[USN-1268-1] Linux kernel vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1768", "CVE-2011-2491", "CVE-2011-1767", "CVE-2011-3209", "CVE-2011-2525", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2011-11-27T00:00:00", "id": "SECURITYVULNS:DOC:27375", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27375", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "description": "Multipe local DoS conditions, information leaks, IPv6 remote DoS, X.25 code execution.", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2011-09-26T00:00:00", "type": "securityvulns", "title": "Linux kernel multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2918", "CVE-2011-2723", "CVE-2011-2492", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-2700", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-2689"], "modified": "2011-09-26T00:00:00", "id": "SECURITYVULNS:VULN:11922", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11922", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:45", "description": "Multiple DoS conditions.", "edition": 1, "cvss3": {}, "published": "2011-11-27T00:00:00", "type": "securityvulns", "title": "Linux kernel multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-3209", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2479", "CVE-2011-2905", "CVE-2011-2183", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2011-11-27T00:00:00", "id": "SECURITYVULNS:VULN:12057", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12057", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ----------------------------------------------------------------------\r\nDebian Security Advisory DSA-2303-2 security@debian.org\r\nhttp://www.debian.org/security/ Dann Frazier\r\nSeptember 10, 2011 http://www.debian.org/security/faq\r\n- ----------------------------------------------------------------------\r\n\r\nPackage : linux-2.6\r\nVulnerability : privilege escalation/denial of service/information leak\r\nProblem type : local/remote\r\nDebian-specific: no\r\nCVE Id&#40;s&#41; : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491\r\n CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497\r\n CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723\r\n CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928\r\n CVE-2011-3188 CVE-2011-3191\r\nDebian Bug : 640966\r\n\r\nThe linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a\r\nregression that can result in an oops during invalid accesses to\r\n/proc/&lt;pid&gt;/maps files.\r\n\r\n\r\nThe text of the original advisory is reproduced for reference:\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\r\nto a denial of service or privilege escalation. The Common Vulnerabilities and\r\nExposures project identifies the following problems:\r\n\r\nCVE-2011-1020 \r\n\r\n Kees Cook discovered an issue in the /proc filesystem that allows local\r\n users to gain access to sensitive process information after execution of a\r\n setuid binary.\r\n\r\nCVE-2011-1576 \r\n\r\n Ryan Sweat discovered an issue in the VLAN implementation. Local users may\r\n be able to cause a kernel memory leak, resulting in a denial of service.\r\n\r\nCVE-2011-2484 \r\n\r\n Vasiliy Kulikov of Openwall discovered that the number of exit handlers that\r\n a process can register is not capped, resulting in local denial of service\r\n through resource exhaustion &#40;cpu time and memory&#41;.\r\n\r\nCVE-2011-2491\r\n\r\n Vasily Averin discovered an issue with the NFS locking implementation. A\r\n malicious NFS server can cause a client to hang indefinitely in an unlock\r\n call.\r\n\r\nCVE-2011-2492 \r\n\r\n Marek Kroemeke and Filip Palian discovered that uninitialized struct\r\n elements in the Bluetooth subsystem could lead to a leak of sensitive kernel\r\n memory through leaked stack memory.\r\n\r\nCVE-2011-2495 \r\n\r\n Vasiliy Kulikov of Openwall discovered that the io file of a process&#39; proc\r\n directory was world-readable, resulting in local information disclosure of\r\n information such as password lengths.\r\n\r\nCVE-2011-2496 \r\n\r\n Robert Swiecki discovered that mremap&#40;&#41; could be abused for local denial of\r\n service by triggering a BUG_ON assert.\r\n\r\nCVE-2011-2497\r\n\r\n Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,\r\n which could lead to denial of service or privilege escalation.\r\n\r\nCVE-2011-2517 \r\n\r\n It was discovered that the netlink-based wireless configuration interface\r\n performed insufficient length validation when parsing SSIDs, resulting in\r\n buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a\r\n denial of service.\r\n\r\nCVE-2011-2525 \r\n\r\n Ben Pfaff reported an issue in the network scheduling code. A local user\r\n could cause a denial of service &#40;NULL pointer dereference&#41; by sending a\r\n specially crafted netlink message.\r\n\r\nCVE-2011-2700 \r\n\r\n Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the\r\n driver for the Si4713 FM Radio Transmitter driver used by N900 devices.\r\n Local users could exploit this issue to cause a denial of service or\r\n potentially gain elevated privileges.\r\n\r\nCVE-2011-2723\r\n\r\n Brent Meshier reported an issue in the GRO &#40;generic receive offload&#41;\r\n implementation. This can be exploited by remote users to create a denial of\r\n service &#40;system crash&#41; in certain network device configurations.\r\n\r\nCVE-2011-2905 \r\n\r\n Christian Ohm discovered that the &#39;perf&#39; analysis tool searches for its\r\n config files in the current working directory. This could lead to denial of\r\n service or potential privilege escalation if a user with elevated privileges\r\n is tricked into running &#39;perf&#39; in a directory under the control of the\r\n attacker.\r\n\r\nCVE-2011-2909 \r\n\r\n Vasiliy Kulikov of Openwall discovered that a programming error in\r\n the Comedi driver could lead to the information disclosure through \r\n leaked stack memory.\r\n\r\nCVE-2011-2918 \r\n\r\n Vince Weaver discovered that incorrect handling of software event overflows\r\n in the &#39;perf&#39; analysis tool could lead to local denial of service.\r\n\r\nCVE-2011-2928\r\n\r\n Timo Warns discovered that insufficient validation of Be filesystem images\r\n could lead to local denial of service if a malformed filesystem image is\r\n mounted.\r\n\r\nCVE-2011-3188 \r\n\r\n Dan Kaminsky reported a weakness of the sequence number generation in the\r\n TCP protocol implementation. This can be used by remote attackers to inject\r\n packets into an active session.\r\n\r\nCVE-2011-3191\r\n\r\n Darren Lavender reported an issue in the Common Internet File System &#40;CIFS&#41;.\r\n A malicious file server could cause memory corruption leading to a denial of\r\n service.\r\n\r\nThis update also includes a fix for a regression introduced with the previous\r\nsecurity fix for CVE-2011-1768 &#40;Debian: #633738&#41;\r\n\r\nFor the stable distribution &#40;squeeze&#41;, this problem has been fixed in version\r\n2.6.32-35squeeze2. Updates for issues impacting the oldstable distribution\r\n&#40;lenny&#41; will be available soon.\r\n\r\nThe following matrix lists additional source packages that were rebuilt for\r\ncompatibility with or to take advantage of this update:\r\n\r\n Debian 6.0 &#40;squeeze&#41;\r\n user-mode-linux 2.6.32-1um-4+35squeeze2\r\n\r\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niQIcBAEBAgAGBQJOa7gPAAoJEBv4PF5U/IZAhyoP/1VRIeUGZPmOMBIIUWfPP5Vt\r\nLJzj2kXbNmk6GpSJaO23mTZSq9XdrGP9aPpkTQY/QRsH5/nVEr6Djq4X/ld07l2U\r\nM3M8/ufVrdht/evuS37nriTKQ3+wuN8N2e2uP6ZPV3ez+PO6r5eh2QdjotMNOA8P\r\nCnF1VuLXOm0WguxOFFekbM6XjYCovSeFz6V2vIpdSZlDAVcBjW8Qrb/elSDY43rb\r\nyNWt61V05ihNnlhIDZwT2Q8QJ2aR27VIsNxZbnualV3iT3f+A+pX7Mix8mgZkbvp\r\nZDHQ+gV2xr0D0zBO8JOa7CCkqhp0TQKiATD6ix2ZcjehmqtwB0HxQx074o2OVKA3\r\nvL7UaEd8aY06VcUsW2KutjK3qjfWKEMmgp/aI9jP6wpJOi7GUxiUc2vK/e1Ksw95\r\ndYe9tP1QmSKW5IFHeJauIgWWT1ERe3ofa8UGT7Z9Y3zExjDwesNzqf2OlYCuS4g4\r\nd4wvkLZsKB+e9Xy6TDSdqLL66CIwHhOc50iI8F2fC02RJrxE3WICePmdCAJd/lrQ\r\n2IeXkeq0hEjW3vOFKgp1/ta6fOjQNNev/1w/BZK6b/9UZf8LOmT2lKZQXlbcSoE4\r\nIztr47uj/w1/fjFjfBntwX93sPrDGQP1/kwppLCeWOsoTYL4Nh2cpTm5mRTH8qH9\r\nPRLlyhdV4oDL0uqQwYo5\r\n=ffJs\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2011-09-13T00:00:00", "title": "[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1768", "CVE-2011-2918", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-2491", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2928", "CVE-2011-2495", "CVE-2011-2484", "CVE-2011-2909", "CVE-2011-2700", "CVE-2011-1020", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-2496"], "modified": "2011-09-13T00:00:00", "id": "SECURITYVULNS:DOC:27006", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27006", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "description": "Multiple different vulnerabilities.", "edition": 1, "cvss3": {}, "published": "2014-03-27T00:00:00", "type": "securityvulns", "title": "HP Rapid Deployment Pack / HP Insight Control Server Deployment multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4008", "CVE-2012-2375", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-4110", "CVE-2011-2518", "CVE-2013-6206", "CVE-2011-2492", "CVE-2012-2137", "CVE-2013-6205", "CVE-2012-2313", "CVE-2011-2182", "CVE-2012-2373", "CVE-2012-2384", "CVE-2010-4494", "CVE-2011-4077", "CVE-2011-2213", "CVE-2011-2689", "CVE-2012-2383", "CVE-2012-1179", "CVE-2012-0879", "CVE-2012-1088", "CVE-2012-2372", "CVE-2012-0058"], "modified": "2014-03-27T00:00:00", "id": "SECURITYVULNS:VULN:13641", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13641", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:51", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04135307\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04135307\r\nVersion: 1\r\n\r\nHPSBGN02970 rev.1 - HP Rapid Deployment Pack &#40;RDP&#41; or HP Insight Control\r\nServer Deployment, Multiple Remote Vulnerabilities affecting Confidentiality,\r\nIntegrity and Availability\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-03-10\r\nLast Updated: 2014-03-10\r\n\r\nPotential Security Impact: Multiple remote vulnerabilities affecting\r\nconfidentiality, integrity and availability\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential vulnerabilities have been identified with HP Rapid Deployment Pack\r\n&#40;RDP&#41; or HP Insight Control Server Deployment. The vulnerabilities could be\r\nexploited remotely affecting confidentiality, integrity and availability.\r\n\r\nReferences: CVE-2010-4008\r\n CVE-2010-4494\r\n CVE-2011-2182\r\n CVE-2011-2213\r\n CVE-2011-2492\r\n\r\nCVE-2011-2518\r\n CVE-2011-2689\r\n CVE-2011-2723\r\n CVE-2011-3188\r\n CVE-2011-4077\r\n\r\nCVE-2011-4110\r\n CVE-2012-0058\r\n CVE-2012-0879\r\n CVE-2012-1088\r\n CVE-2012-1179\r\n\r\nCVE-2012-2137\r\n CVE-2012-2313\r\n CVE-2012-2372\r\n CVE-2012-2373\r\n CVE-2012-2375\r\n\r\nCVE-2012-2383\r\n CVE-2012-2384\r\n CVE-2013-6205\r\n CVE-2013-6206\r\n SSRT101443\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\n\r\nHP Rapid Deployment Pack &#40;RDP&#41; -- All versions\r\nHP Insight Control Server Deployment -- All versions\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2013-6205 &#40;AV:L/AC:M/Au:S/C:P/I:P/A:P&#41; 4.1\r\nCVE-2013-6206 &#40;AV:N/AC:L/Au:N/C:C/I:P/A:P&#41; 9.0\r\nCVE-2010-4008 &#40;AV:N/AC:M/Au:N/C:N/I:N/A:P&#41; 4.3\r\nCVE-2010-4494 &#40;AV:N/AC:L/Au:N/C:C/I:C/A:C&#41; 10.0\r\nCVE-2011-2182 &#40;AV:L/AC:L/Au:N/C:C/I:C/A:C&#41; 7.2\r\nCVE-2011-2213 &#40;AV:L/AC:L/Au:N/C:N/I:N/A:C&#41; 4.9\r\nCVE-2011-2492 &#40;AV:L/AC:M/Au:N/C:P/I:N/A:N&#41; 1.9\r\nCVE-2011-2518 &#40;AV:L/AC:L/Au:N/C:N/I:N/A:C&#41; 4.9\r\nCVE-2011-2689 &#40;AV:L/AC:L/Au:N/C:N/I:N/A:C&#41; 4.9\r\nCVE-2011-2723 &#40;AV:A/AC:M/Au:N/C:N/I:N/A:C&#41; 5.7\r\nCVE-2011-3188 &#40;AV:N/AC:M/Au:N/C:P/I:P/A:P&#41; 6.8\r\nCVE-2011-4077 &#40;AV:L/AC:M/Au:N/C:C/I:C/A:C&#41; 6.9\r\nCVE-2011-4110 &#40;AV:L/AC:L/Au:N/C:N/I:N/A:P&#41; 2.1\r\nCVE-2012-0058 &#40;AV:L/AC:L/Au:N/C:N/I:N/A:C&#41; 4.9\r\nCVE-2012-0879 &#40;AV:L/AC:L/Au:N/C:N/I:N/A:C&#41; 4.9\r\nCVE-2012-1088 &#40;AV:L/AC:M/Au:N/C:N/I:P/A:P&#41; 3.3\r\nCVE-2012-1179 &#40;AV:A/AC:M/Au:S/C:N/I:N/A:C&#41; 5.2\r\nCVE-2012-2137 &#40;AV:L/AC:M/Au:N/C:C/I:C/A:C&#41; 6.9\r\nCVE-2012-2313 &#40;AV:L/AC:H/Au:N/C:N/I:N/A:P&#41; 1.2\r\nCVE-2012-2372 &#40;AV:L/AC:M/Au:S/C:N/I:N/A:C&#41; 4.4\r\nCVE-2012-2373 &#40;AV:L/AC:H/Au:N/C:N/I:N/A:C&#41; 4.0\r\nCVE-2012-2375 &#40;AV:A/AC:H/Au:N/C:N/I:N/A:C&#41; 4.6\r\nCVE-2012-2383 &#40;AV:L/AC:L/Au:N/C:N/I:N/A:C&#41; 4.9\r\nCVE-2012-2384 &#40;AV:L/AC:L/Au:N/C:N/I:N/A:C&#41; 4.9\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP recommends that HP Rapid Deployment Pack &#40;RDP&#41; or HP Insight Control\r\nServer Deployment should only be run on private secure networks to prevent\r\nthe risk of security compromise.\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 10 March 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlMd70EACgkQ4B86/C0qfVnXowCgnnw+HySvDNjCV7VPwZHplLwc\r\nGw4An38h3204bsbLQN/gJQVEqFTo5IfX\r\n=sWmR\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2014-03-27T00:00:00", "title": "[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack &#40;RDP&#41; or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4008", "CVE-2012-2375", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-4110", "CVE-2011-2518", "CVE-2013-6206", "CVE-2011-2492", "CVE-2012-2137", "CVE-2013-6205", "CVE-2012-2313", "CVE-2011-2182", "CVE-2012-2373", "CVE-2012-2384", "CVE-2010-4494", "CVE-2011-4077", "CVE-2011-2213", "CVE-2011-2689", "CVE-2012-2383&q