Search...

Fedora Update for kernel FEDORA-2017-7a3ddf2484

2017-10-07T00:00:00

ID OPENVAS:1361412562310873485
Type openvas
Reporter Copyright (C) 2017 Greenbone Networks GmbH
Modified 2019-03-15T00:00:00

Description

The remote host is missing an update for the

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2017_7a3ddf2484_kernel_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $
#
# Fedora Update for kernel FEDORA-2017-7a3ddf2484
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.873485");
  script_version("$Revision: 14223 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
  script_tag(name:"creation_date", value:"2017-10-07 09:16:05 +0200 (Sat, 07 Oct 2017)");
  script_cve_id("CVE-2017-14497");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"qod_type", value:"package");
  script_name("Fedora Update for kernel FEDORA-2017-7a3ddf2484");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"affected", value:"kernel on Fedora 25");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_xref(name:"FEDORA", value:"2017-7a3ddf2484");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNGBPDR2TB7CBWBCJWNKIHEJ5R43R5BM");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC25");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC25")
{

  if ((res = isrpmvuln(pkg:"kernel", rpm:"kernel~4.12.14~200.fc25", rls:"FC25")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310873485", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for kernel FEDORA-2017-7a3ddf2484", "description": "The remote host is missing an update for the ", "published": "2017-10-07T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873485", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNGBPDR2TB7CBWBCJWNKIHEJ5R43R5BM", "2017-7a3ddf2484"], "cvelist": ["CVE-2017-14497"], "lastseen": "2019-05-29T18:34:23", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-14497"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1537.NASL", "DEBIAN_DSA-3981.NASL", "ALA_ALAS-2017-901.NASL", "FEDORA_2017-3202AED903.NASL", "FEDORA_2017-7A3DDF2484.NASL"]}, {"type": "fedora", "idList": ["FEDORA:6F1BC604D0C1", "FEDORA:44065605602A", "FEDORA:6102A601DD67", "FEDORA:648496077DD1", "FEDORA:A5AC761C5F24"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703981", "OPENVAS:1361412562310873460", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874365", "OPENVAS:1361412562311220191537"]}, {"type": "amazon", "idList": ["ALAS-2017-901"]}, {"type": "thn", "idList": ["THN:D2096A5FA799B07E97FD2767D8E6C641"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3981-1:0F636"]}], "modified": "2019-05-29T18:34:23", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-29T18:34:23", "rev": 2}, "vulnersScore": 6.7}, "pluginID": "1361412562310873485", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_7a3ddf2484_kernel_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2017-7a3ddf2484\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873485\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-07 09:16:05 +0200 (Sat, 07 Oct 2017)\");\n script_cve_id(\"CVE-2017-14497\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-7a3ddf2484\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-7a3ddf2484\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNGBPDR2TB7CBWBCJWNKIHEJ5R43R5BM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.12.14~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}

{"cve": [{"lastseen": "2020-12-09T20:13:23", "description": "The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-15T18:29:00", "title": "CVE-2017-14497", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14497"], "modified": "2018-01-13T02:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.12.14"], "id": "CVE-2017-14497", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14497", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.12.14:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14497"], "description": "The kernel meta package ", "modified": "2017-09-26T23:57:58", "published": "2017-09-26T23:57:58", "id": "FEDORA:6102A601DD67", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.12.14-300.fc26", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14497"], "description": "The kernel meta package ", "modified": "2017-10-04T21:50:36", "published": "2017-10-04T21:50:36", "id": "FEDORA:A5AC761C5F24", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.12.14-200.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-05-11T17:46:05", "published": "2018-05-11T17:46:05", "id": "FEDORA:648496077DD1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.7-100.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-05-29T11:10:03", "published": "2018-05-29T11:10:03", "id": "FEDORA:44065605602A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.11-100.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "description": "The kernel meta package ", "modified": "2018-04-18T01:07:00", "published": "2018-04-18T01:07:00", "id": "FEDORA:6F1BC604D0C1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.15.17-200.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:11:38", "description": "The 4.12.14 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-05T00:00:00", "title": "Fedora 25 : kernel (2017-7a3ddf2484)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14497"], "modified": "2017-10-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-7A3DDF2484.NASL", "href": "https://www.tenable.com/plugins/nessus/103664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-7a3ddf2484.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103664);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-14497\");\n script_xref(name:\"FEDORA\", value:\"2017-7a3ddf2484\");\n\n script_name(english:\"Fedora 25 : kernel (2017-7a3ddf2484)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.12.14 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a3ddf2484\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-14497\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-7a3ddf2484\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.12.14-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:15:48", "description": "The 4.12.14 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-28T00:00:00", "title": "Fedora 26 : kernel (2017-3202aed903)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14497"], "modified": "2017-09-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-3202AED903.NASL", "href": "https://www.tenable.com/plugins/nessus/103520", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-3202aed903.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103520);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14497\");\n script_xref(name:\"FEDORA\", value:\"2017-3202aed903\");\n\n script_name(english:\"Fedora 26 : kernel (2017-3202aed903)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.12.14 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-3202aed903\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-14497\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-3202aed903\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.12.14-300.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:19:40", "description": "A buffer overflow was discovered in tpacket_rcv() function in the\nLinux kernel since v4.6-rc1 through v4.13. A number of socket-related\nsyscalls can be made to set up a configuration when each packet\nreceived by a network interface can cause writing up to 10 bytes to a\nkernel memory outside of a kernel buffer. This can cause unspecified\nkernel data corruption effects, including damage of in-memory and\non-disk XFS data. (CVE-2017-14497)\n\nA kernel data leak due to an out-of-bound read was found in the Linux\nkernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()\nfunctions present since version 4.7-rc1 through version 4.13. A data\nleak happens when these functions fill in sockaddr data structures\nused to export socket's diagnostic information. As a result, up to 100\nbytes of the slab data could be leaked to a userspace. (CVE-2017-7558)", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-04T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2017-901)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7558", "CVE-2017-14497"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-901.NASL", "href": "https://www.tenable.com/plugins/nessus/103653", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-901.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103653);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-14497\", \"CVE-2017-7558\");\n script_xref(name:\"ALAS\", value:\"2017-901\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-901)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in tpacket_rcv() function in the\nLinux kernel since v4.6-rc1 through v4.13. A number of socket-related\nsyscalls can be made to set up a configuration when each packet\nreceived by a network interface can cause writing up to 10 bytes to a\nkernel memory outside of a kernel buffer. This can cause unspecified\nkernel data corruption effects, including damage of in-memory and\non-disk XFS data. (CVE-2017-14497)\n\nA kernel data leak due to an out-of-bound read was found in the Linux\nkernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()\nfunctions present since version 4.7-rc1 through version 4.13. A data\nleak happens when these functions fill in sockaddr data structures\nused to export socket's diagnostic information. As a result, up to 100\nbytes of the slab data could be leaked to a userspace. (CVE-2017-7558)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-901.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.51-10.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.51-10.52.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:50:43", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.\n\n - CVE-2017-7518\n Andy Lutomirski discovered that KVM is prone to an\n incorrect debug exception (#DB) error occurring while\n emulating a syscall instruction. A process inside a\n guest can take advantage of this flaw for privilege\n escalation inside a guest.\n\n - CVE-2017-7558 (stretch only)\n Stefano Brivio of Red Hat discovered that the SCTP\n subsystem is prone to a data leak vulnerability due to\n an out-of-bounds read flaw, allowing to leak up to 100\n uninitialized bytes to userspace.\n\n - CVE-2017-10661 (jessie only)\n Dmitry Vyukov of Google reported that the timerfd\n facility does not properly handle certain concurrent\n operations on a single file descriptor. This allows a\n local attacker to cause a denial of service or\n potentially execute arbitrary code.\n\n - CVE-2017-11600\n Bo Zhang reported that the xfrm subsystem does not\n properly validate one of the parameters to a netlink\n message. Local users with the CAP_NET_ADMIN capability\n can use this to cause a denial of service or potentially\n to execute arbitrary code.\n\n - CVE-2017-12134 / #866511 / XSA-229\n Jan H. Schoenherr of Amazon discovered that when Linux\n is running in a Xen PV domain on an x86 system, it may\n incorrectly merge block I/O requests. A buggy or\n malicious guest may trigger this bug in dom0 or a PV\n driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:echo 2 >\n /sys/block/nvme0n1/queue/nomerges\n\n - CVE-2017-12146 (stretch only)\n Adrian Salido of Google reported a race condition in\n access to the'driver_override' attribute for platform\n devices in sysfs. If unprivileged users are permitted to\n access this attribute, this might allow them to gain\n privileges.\n\n - CVE-2017-12153\n Bo Zhang reported that the cfg80211 (wifi) subsystem\n does not properly validate the parameters to a netlink\n message. Local users with the CAP_NET_ADMIN capability\n (in any user namespace with a wifi device) can use this\n to cause a denial of service.\n\n - CVE-2017-12154\n Jim Mattson of Google reported that the KVM\n implementation for Intel x86 processors did not\n correctly handle certain nested hypervisor\n configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of\n service.\n\n - CVE-2017-14106\n Andrey Konovalov discovered that a user-triggerable\n division by zero in the tcp_disconnect() function could\n result in local denial of service.\n\n - CVE-2017-14140\n Otto Ebeling reported that the move_pages() system call\n performed insufficient validation of the UIDs of the\n calling and target processes, resulting in a partial\n ASLR bypass. This made it easier for local users to\n exploit vulnerabilities in programs installed with the\n set-UID permission bit set.\n\n - CVE-2017-14156\n 'sohu0106' reported an information leak in the atyfb\n video driver. A local user with access to a framebuffer\n device handled by this driver could use this to obtain\n sensitive information.\n\n - CVE-2017-14340\n Richard Wareing discovered that the XFS implementation\n allows the creation of files with the 'realtime' flag on\n a filesystem with no realtime device, which can result\n in a crash (oops). A local user with access to an XFS\n filesystem that does not have a realtime device can use\n this for denial of service.\n\n - CVE-2017-14489\n ChunYu Wang of Red Hat discovered that the iSCSI\n subsystem does not properly validate the length of a\n netlink message, leading to memory corruption. A local\n user with permission to manage iSCSI devices can use\n this for denial of service or possibly to execute\n arbitrary code.\n\n - CVE-2017-14497 (stretch only)\n Benjamin Poirier of SUSE reported that vnet headers are\n not properly handled within the tpacket_rcv() function\n in the raw packet (af_packet) feature. A local user with\n the CAP_NET_RAW capability can take advantage of this\n flaw to cause a denial of service (buffer overflow, and\n disk and memory corruption) or have other impact.\n\n - CVE-2017-1000111\n Andrey Konovalov of Google reported a race condition in\n the raw packet (af_packet) feature. Local users with the\n CAP_NET_RAW capability can use this for denial of\n service or possibly to execute arbitrary code.\n\n - CVE-2017-1000112\n Andrey Konovalov of Google reported a race condition\n flaw in the UDP Fragmentation Offload (UFO) code. A\n local user can use this flaw for denial of service or\n possibly to execute arbitrary code.\n\n - CVE-2017-1000251 / #875881\n Armis Labs discovered that the Bluetooth subsystem does\n not properly validate L2CAP configuration responses,\n leading to a stack-based buffer overflow. This is one of\n several vulnerabilities dubbed 'Blueborne'. A nearby\n attacker can use this to cause a denial of service or\n possibly to execute arbitrary code on a system with\n Bluetooth enabled.\n\n - CVE-2017-1000252 (stretch only)\n Jan H. Schoenherr of Amazon reported that the KVM\n implementation for Intel x86 processors did not\n correctly validate interrupt injection requests. A local\n user with permission to use KVM could use this for\n denial of service.\n\n - CVE-2017-1000370\n The Qualys Research Labs reported that a large argument\n or environment list can result in ASLR bypass for 32-bit\n PIE binaries.\n\n - CVE-2017-1000371\n The Qualys Research Labs reported that a large argument\n or environment list can result in a stack/heap clash for\n 32-bit PIE binaries.\n\n - CVE-2017-1000380\n Alexander Potapenko of Google reported a race condition\n in the ALSA (sound) timer driver, leading to an\n information leak. A local user with permission to access\n sound devices could use this to obtain sensitive\n information.\n\nDebian disables unprivileged user namespaces by default, but if they\nare enabled (via the kernel.unprivileged_userns_clone sysctl) then\nCVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited\nby any local user.", "edition": 24, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-21T00:00:00", "title": "Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-12146", "CVE-2017-7518", "CVE-2017-1000252", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-1000370", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000371", "CVE-2017-14497", "CVE-2017-12154", "CVE-2017-11600"], "modified": "2017-09-21T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3981.NASL", "href": "https://www.tenable.com/plugins/nessus/103365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3981. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103365);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000252\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11600\", \"CVE-2017-12134\", \"CVE-2017-12146\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14497\", \"CVE-2017-7518\", \"CVE-2017-7558\");\n script_xref(name:\"DSA\", value:\"3981\");\n\n script_name(english:\"Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.\n\n - CVE-2017-7518\n Andy Lutomirski discovered that KVM is prone to an\n incorrect debug exception (#DB) error occurring while\n emulating a syscall instruction. A process inside a\n guest can take advantage of this flaw for privilege\n escalation inside a guest.\n\n - CVE-2017-7558 (stretch only)\n Stefano Brivio of Red Hat discovered that the SCTP\n subsystem is prone to a data leak vulnerability due to\n an out-of-bounds read flaw, allowing to leak up to 100\n uninitialized bytes to userspace.\n\n - CVE-2017-10661 (jessie only)\n Dmitry Vyukov of Google reported that the timerfd\n facility does not properly handle certain concurrent\n operations on a single file descriptor. This allows a\n local attacker to cause a denial of service or\n potentially execute arbitrary code.\n\n - CVE-2017-11600\n Bo Zhang reported that the xfrm subsystem does not\n properly validate one of the parameters to a netlink\n message. Local users with the CAP_NET_ADMIN capability\n can use this to cause a denial of service or potentially\n to execute arbitrary code.\n\n - CVE-2017-12134 / #866511 / XSA-229\n Jan H. Schoenherr of Amazon discovered that when Linux\n is running in a Xen PV domain on an x86 system, it may\n incorrectly merge block I/O requests. A buggy or\n malicious guest may trigger this bug in dom0 or a PV\n driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:echo 2 >\n /sys/block/nvme0n1/queue/nomerges\n\n - CVE-2017-12146 (stretch only)\n Adrian Salido of Google reported a race condition in\n access to the'driver_override' attribute for platform\n devices in sysfs. If unprivileged users are permitted to\n access this attribute, this might allow them to gain\n privileges.\n\n - CVE-2017-12153\n Bo Zhang reported that the cfg80211 (wifi) subsystem\n does not properly validate the parameters to a netlink\n message. Local users with the CAP_NET_ADMIN capability\n (in any user namespace with a wifi device) can use this\n to cause a denial of service.\n\n - CVE-2017-12154\n Jim Mattson of Google reported that the KVM\n implementation for Intel x86 processors did not\n correctly handle certain nested hypervisor\n configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of\n service.\n\n - CVE-2017-14106\n Andrey Konovalov discovered that a user-triggerable\n division by zero in the tcp_disconnect() function could\n result in local denial of service.\n\n - CVE-2017-14140\n Otto Ebeling reported that the move_pages() system call\n performed insufficient validation of the UIDs of the\n calling and target processes, resulting in a partial\n ASLR bypass. This made it easier for local users to\n exploit vulnerabilities in programs installed with the\n set-UID permission bit set.\n\n - CVE-2017-14156\n 'sohu0106' reported an information leak in the atyfb\n video driver. A local user with access to a framebuffer\n device handled by this driver could use this to obtain\n sensitive information.\n\n - CVE-2017-14340\n Richard Wareing discovered that the XFS implementation\n allows the creation of files with the 'realtime' flag on\n a filesystem with no realtime device, which can result\n in a crash (oops). A local user with access to an XFS\n filesystem that does not have a realtime device can use\n this for denial of service.\n\n - CVE-2017-14489\n ChunYu Wang of Red Hat discovered that the iSCSI\n subsystem does not properly validate the length of a\n netlink message, leading to memory corruption. A local\n user with permission to manage iSCSI devices can use\n this for denial of service or possibly to execute\n arbitrary code.\n\n - CVE-2017-14497 (stretch only)\n Benjamin Poirier of SUSE reported that vnet headers are\n not properly handled within the tpacket_rcv() function\n in the raw packet (af_packet) feature. A local user with\n the CAP_NET_RAW capability can take advantage of this\n flaw to cause a denial of service (buffer overflow, and\n disk and memory corruption) or have other impact.\n\n - CVE-2017-1000111\n Andrey Konovalov of Google reported a race condition in\n the raw packet (af_packet) feature. Local users with the\n CAP_NET_RAW capability can use this for denial of\n service or possibly to execute arbitrary code.\n\n - CVE-2017-1000112\n Andrey Konovalov of Google reported a race condition\n flaw in the UDP Fragmentation Offload (UFO) code. A\n local user can use this flaw for denial of service or\n possibly to execute arbitrary code.\n\n - CVE-2017-1000251 / #875881\n Armis Labs discovered that the Bluetooth subsystem does\n not properly validate L2CAP configuration responses,\n leading to a stack-based buffer overflow. This is one of\n several vulnerabilities dubbed 'Blueborne'. A nearby\n attacker can use this to cause a denial of service or\n possibly to execute arbitrary code on a system with\n Bluetooth enabled.\n\n - CVE-2017-1000252 (stretch only)\n Jan H. Schoenherr of Amazon reported that the KVM\n implementation for Intel x86 processors did not\n correctly validate interrupt injection requests. A local\n user with permission to use KVM could use this for\n denial of service.\n\n - CVE-2017-1000370\n The Qualys Research Labs reported that a large argument\n or environment list can result in ASLR bypass for 32-bit\n PIE binaries.\n\n - CVE-2017-1000371\n The Qualys Research Labs reported that a large argument\n or environment list can result in a stack/heap clash for\n 32-bit PIE binaries.\n\n - CVE-2017-1000380\n Alexander Potapenko of Google reported a race condition\n in the ALSA (sound) timer driver, leading to an\n information leak. A local user with permission to access\n sound devices could use this to obtain sensitive\n information.\n\nDebian disables unprivileged user namespaces by default, but if they\nare enabled (via the kernel.unprivileged_userns_clone sysctl) then\nCVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited\nby any local user.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3981\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 3.16.43-2+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.30-2+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.30-2+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:57:42", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A buffer overflow was\n discovered in tpacket_rcv() function in the Linux\n kernel since v4.6-rc1 through v4.13. A number of\n socket-related syscalls can be made to set up a\n configuration when each packet received by a network\n interface can cause writing up to 10 bytes to a kernel\n memory outside of a kernel buffer. This can cause\n unspecified kernel data corruption effects, including\n damage of in-memory and on-disk XFS\n data.(CVE-2017-14497)The qmi_wwan_bind function in\n driverset/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)A race condition flaw was found\n in the way the Linux kernel's SCTP implementation\n handled sctp_accept() during the processing of\n heartbeat timeout events. A remote attacker could use\n this flaw to prevent further connections to be accepted\n by the SCTP server running on the system, resulting in\n a denial of service.(CVE-2015-8767)A race condition\n flaw was found in the way the Linux kernel's KVM\n subsystem handled PIT (Programmable Interval Timer)\n emulation. A guest user who has access to the PIT I/O\n ports could use this flaw to crash the\n host.(CVE-2014-3611)The Linux kernel is vulnerable to a\n memory leak in the\n driverset/wireless/mac80211_hwsim.c:hwsim_new_radio_nl(\n ) function. An attacker could exploit this to cause a\n potential denial of service.(CVE-2018-8087)An integer\n underflow flaw was found in the way the Linux kernel's\n Stream Control Transmission Protocol (SCTP)\n implementation processed certain COOKIE_ECHO packets.\n By sending a specially crafted SCTP packet, a remote\n attacker could use this flaw to prevent legitimate\n connections to a particular SCTP server socket to be\n made.(CVE-2014-4667)The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16536)The\n snd_usb_create_streams function in sound/usb/card.c in\n the Linux kernel, before 4.13.6, allows local users to\n cause a denial of service (out-of-bounds read and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16529)A flaw was\n found in the Linux kernel's random number generator\n API. A null pointer dereference in the rngapi_reset\n function may result in denial of service, crashing the\n system.(CVE-2017-15116)The __netlink_deliver_tap_skb\n function in netetlink/af_netlink.c in the Linux kernel,\n through 4.14.4, does not restrict observations of\n Netlink messages to a single net namespace, when\n CONFIG_NLMON is enabled. This allows local users to\n obtain sensitive information by leveraging the\n CAP_NET_ADMIN capability to sniff an nlmon interface\n for all Netlink activity on the\n system.(CVE-2017-17449)arch/arm64/kernel/perf_event.c\n in the Linux kernel before 4.1 on arm64 platforms\n allows local users to gain privileges or cause a denial\n of service (invalid pointer dereference) via vectors\n involving events that are mishandled during a span of\n multiple HW PMUs.(CVE-2015-8955)The aac_compat_ioctl\n function in drivers/scsi/aacraid/linit.c in the Linux\n kernel before 3.11.8 does not require the CAP_SYS_RAWIO\n capability, which allows local users to bypass intended\n access restrictions via a crafted ioctl\n call.(CVE-2013-6383)Linux kernel before version\n 4.16-rc7 is vulnerable to a null pointer dereference in\n dccp_write_xmit() function in net/dccp/output.c in that\n allows a local user to cause a denial of service by a\n number of certain crafted system\n calls.(CVE-2018-1130)The Linux kernel is vulerable to a\n use-after-free flaw when Transformation User\n configuration interface(CONFIG_XFRM_USER) compile-time\n configuration were enabled. This vulnerability occurs\n while closing a xfrm netlink socket in\n xfrm_dump_policy_done. A user/process could abuse this\n flaw to potentially escalate their privileges on a\n system.(CVE-2017-16939)A vulnerability was found in the\n Linux kernel in function rds_inc_info_copy of file\n net/rds/recv.c. The last field 'flags' of object\n 'minfo' is not initialized. This can leak data\n previously at the flags location to\n userspace.(CVE-2016-5244)A flaw was found in the\n kernel's ACPI interpreter when it does not flush the\n operand cache and causes a kernel stack dump. This\n allows local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection\n mechanism.(CVE-2017-13693)It was found that\n kernel/events/core.c in the Linux kernel mishandles\n counter grouping, which allows local users to gain\n privileges via a crafted application, related to the\n perf_pmu_register and perf_event_open\n functions.(CVE-2015-9004)The xfs_bmap_extents_to_btree\n function in fs/xfs/libxfs/xfs_bmap.c in the Linux\n kernel through 4.16.3 allows local users to cause a\n denial of service (xfs_bmapi_write NULL pointer\n dereference) via a crafted xfs\n image.(CVE-2018-10323)The lrw_crypt() function in\n 'crypto/lrw.c' in the Linux kernel before 4.5 allows\n local users to cause a system crash and a denial of\n service by the NULL pointer dereference via accept(2)\n system call for AF_ALG socket without calling setkey()\n first to set a cipher key.(CVE-2015-8970)The IPv6\n fragmentation implementation in the Linux kernel does\n not consider that the nexthdr field may be associated\n with an invalid option, which allows local users to\n cause a denial of service (out-of-bounds read and BUG)\n or possibly have unspecified other impact via crafted\n socket and send system calls. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2017-9074)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1537)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5244", "CVE-2013-6383", "CVE-2017-9074", "CVE-2018-8087", "CVE-2014-3611", "CVE-2017-13693", "CVE-2018-1130", "CVE-2015-8970", "CVE-2017-16536", "CVE-2017-16939", "CVE-2017-15116", "CVE-2015-9004", "CVE-2017-17449", "CVE-2017-16529", "CVE-2017-16650", "CVE-2015-8955", "CVE-2015-8767", "CVE-2018-10323", "CVE-2017-14497", "CVE-2014-4667"], "modified": "2019-05-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1537.NASL", "href": "https://www.tenable.com/plugins/nessus/124990", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124990);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-6383\",\n \"CVE-2014-3611\",\n \"CVE-2014-4667\",\n \"CVE-2015-8767\",\n \"CVE-2015-8955\",\n \"CVE-2015-8970\",\n \"CVE-2015-9004\",\n \"CVE-2016-5244\",\n \"CVE-2017-13693\",\n \"CVE-2017-14497\",\n \"CVE-2017-15116\",\n \"CVE-2017-16529\",\n \"CVE-2017-16536\",\n \"CVE-2017-16650\",\n \"CVE-2017-16939\",\n \"CVE-2017-17449\",\n \"CVE-2017-9074\",\n \"CVE-2018-10323\",\n \"CVE-2018-1130\",\n \"CVE-2018-8087\"\n );\n script_bugtraq_id(\n 63888,\n 68224,\n 70743\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1537)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A buffer overflow was\n discovered in tpacket_rcv() function in the Linux\n kernel since v4.6-rc1 through v4.13. A number of\n socket-related syscalls can be made to set up a\n configuration when each packet received by a network\n interface can cause writing up to 10 bytes to a kernel\n memory outside of a kernel buffer. This can cause\n unspecified kernel data corruption effects, including\n damage of in-memory and on-disk XFS\n data.(CVE-2017-14497)The qmi_wwan_bind function in\n driverset/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)A race condition flaw was found\n in the way the Linux kernel's SCTP implementation\n handled sctp_accept() during the processing of\n heartbeat timeout events. A remote attacker could use\n this flaw to prevent further connections to be accepted\n by the SCTP server running on the system, resulting in\n a denial of service.(CVE-2015-8767)A race condition\n flaw was found in the way the Linux kernel's KVM\n subsystem handled PIT (Programmable Interval Timer)\n emulation. A guest user who has access to the PIT I/O\n ports could use this flaw to crash the\n host.(CVE-2014-3611)The Linux kernel is vulnerable to a\n memory leak in the\n driverset/wireless/mac80211_hwsim.c:hwsim_new_radio_nl(\n ) function. An attacker could exploit this to cause a\n potential denial of service.(CVE-2018-8087)An integer\n underflow flaw was found in the way the Linux kernel's\n Stream Control Transmission Protocol (SCTP)\n implementation processed certain COOKIE_ECHO packets.\n By sending a specially crafted SCTP packet, a remote\n attacker could use this flaw to prevent legitimate\n connections to a particular SCTP server socket to be\n made.(CVE-2014-4667)The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16536)The\n snd_usb_create_streams function in sound/usb/card.c in\n the Linux kernel, before 4.13.6, allows local users to\n cause a denial of service (out-of-bounds read and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16529)A flaw was\n found in the Linux kernel's random number generator\n API. A null pointer dereference in the rngapi_reset\n function may result in denial of service, crashing the\n system.(CVE-2017-15116)The __netlink_deliver_tap_skb\n function in netetlink/af_netlink.c in the Linux kernel,\n through 4.14.4, does not restrict observations of\n Netlink messages to a single net namespace, when\n CONFIG_NLMON is enabled. This allows local users to\n obtain sensitive information by leveraging the\n CAP_NET_ADMIN capability to sniff an nlmon interface\n for all Netlink activity on the\n system.(CVE-2017-17449)arch/arm64/kernel/perf_event.c\n in the Linux kernel before 4.1 on arm64 platforms\n allows local users to gain privileges or cause a denial\n of service (invalid pointer dereference) via vectors\n involving events that are mishandled during a span of\n multiple HW PMUs.(CVE-2015-8955)The aac_compat_ioctl\n function in drivers/scsi/aacraid/linit.c in the Linux\n kernel before 3.11.8 does not require the CAP_SYS_RAWIO\n capability, which allows local users to bypass intended\n access restrictions via a crafted ioctl\n call.(CVE-2013-6383)Linux kernel before version\n 4.16-rc7 is vulnerable to a null pointer dereference in\n dccp_write_xmit() function in net/dccp/output.c in that\n allows a local user to cause a denial of service by a\n number of certain crafted system\n calls.(CVE-2018-1130)The Linux kernel is vulerable to a\n use-after-free flaw when Transformation User\n configuration interface(CONFIG_XFRM_USER) compile-time\n configuration were enabled. This vulnerability occurs\n while closing a xfrm netlink socket in\n xfrm_dump_policy_done. A user/process could abuse this\n flaw to potentially escalate their privileges on a\n system.(CVE-2017-16939)A vulnerability was found in the\n Linux kernel in function rds_inc_info_copy of file\n net/rds/recv.c. The last field 'flags' of object\n 'minfo' is not initialized. This can leak data\n previously at the flags location to\n userspace.(CVE-2016-5244)A flaw was found in the\n kernel's ACPI interpreter when it does not flush the\n operand cache and causes a kernel stack dump. This\n allows local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection\n mechanism.(CVE-2017-13693)It was found that\n kernel/events/core.c in the Linux kernel mishandles\n counter grouping, which allows local users to gain\n privileges via a crafted application, related to the\n perf_pmu_register and perf_event_open\n functions.(CVE-2015-9004)The xfs_bmap_extents_to_btree\n function in fs/xfs/libxfs/xfs_bmap.c in the Linux\n kernel through 4.16.3 allows local users to cause a\n denial of service (xfs_bmapi_write NULL pointer\n dereference) via a crafted xfs\n image.(CVE-2018-10323)The lrw_crypt() function in\n 'crypto/lrw.c' in the Linux kernel before 4.5 allows\n local users to cause a system crash and a denial of\n service by the NULL pointer dereference via accept(2)\n system call for AF_ALG socket without calling setkey()\n first to set a cipher key.(CVE-2015-8970)The IPv6\n fragmentation implementation in the Linux kernel does\n not consider that the nexthdr field may be associated\n with an invalid option, which allows local users to\n cause a denial of service (out-of-bounds read and BUG)\n or possibly have unspecified other impact via crafted\n socket and send system calls. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2017-9074)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1537\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6bb8a3e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14497"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-09-28T00:00:00", "id": "OPENVAS:1361412562310873460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873460", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-3202aed903", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3202aed903_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2017-3202aed903\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873460\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:16:20 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-14497\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-3202aed903\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3202aed903\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IAJQU3X4NEQ2RVRQ7HWBHR6QDPNMQ23L\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.12.14~300.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:36:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5244", "CVE-2013-6383", "CVE-2017-9074", "CVE-2018-8087", "CVE-2014-3611", "CVE-2017-13693", "CVE-2018-1130", "CVE-2015-8970", "CVE-2017-16536", "CVE-2017-16939", "CVE-2017-15116", "CVE-2015-9004", "CVE-2017-17449", "CVE-2017-16529", "CVE-2017-16650", "CVE-2015-8955", "CVE-2015-8767", "CVE-2018-10323", "CVE-2017-14497", "CVE-2014-4667"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191537", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191537", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1537)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1537\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-6383\", \"CVE-2014-3611\", \"CVE-2014-4667\", \"CVE-2015-8767\", \"CVE-2015-8955\", \"CVE-2015-8970\", \"CVE-2015-9004\", \"CVE-2016-5244\", \"CVE-2017-13693\", \"CVE-2017-14497\", \"CVE-2017-15116\", \"CVE-2017-16529\", \"CVE-2017-16536\", \"CVE-2017-16650\", \"CVE-2017-16939\", \"CVE-2017-17449\", \"CVE-2017-9074\", \"CVE-2018-10323\", \"CVE-2018-1130\", \"CVE-2018-8087\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:08:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1537)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1537\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1537\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1537 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A buffer overflow was discovered in tpacket_rcv() function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a kernel buffer. This can cause unspecified kernel data corruption effects, including damage of in-memory and on-disk XFS data.(CVE-2017-14497)\n\nThe qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16650)\n\nA race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service.(CVE-2015-8767)\n\nA race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.(CVE-2014-3611)\n\nThe Linux kernel is vulnerable to a memory leak in the drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() function. An attacker could exploit this to cause a potential denial of service.(CVE-2018-8087)\n\nAn integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made.(CVE-2014-4667)\n\nThe cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16536)\n\nThe snd_usb_create_streams function in sound/usb/card.c in the Linux kernel, before 4.13.6, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16529)\n\nA flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system.(CVE-2017-15116)\n\nThe __netlink_deliver_tap_skb function in net/net ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T19:22:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-12146", "CVE-2017-7518", "CVE-2017-1000252", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-1000370", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000371", "CVE-2017-14497", "CVE-2017-12154", "CVE-2017-11600"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7518\nAndy Lutomirski discovered that KVM is prone to an incorrect debug\nexception (#DB) error occurring while emulating a syscall\ninstruction. A process inside a guest can take advantage of this\nflaw for privilege escalation inside a guest.\n\nCVE-2017-7558 (stretch only)\n\nStefano Brivio of Red Hat discovered that the SCTP subsystem is\nprone to a data leak vulnerability due to an out-of-bounds read\nflaw, allowing to leak up to 100 uninitialized bytes to userspace.\n\nCVE-2017-10661 (jessie only)\n\nDmitry Vyukov of Google reported that the timerfd facility does\nnot properly handle certain concurrent operations on a single file\ndescriptor. This allows a local attacker to cause a denial of\nservice or potentially execute arbitrary code.\n\nDescription truncated. Please see the references for more information.", "modified": "2020-06-08T00:00:00", "published": "2017-09-20T00:00:00", "id": "OPENVAS:1361412562310703981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703981", "type": "openvas", "title": "Debian Security Advisory DSA 3981-1 (linux - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 3981-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH http://greenbone.net\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703981\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000252\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11600\", \"CVE-2017-12134\", \"CVE-2017-12146\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14497\", \"CVE-2017-7518\", \"CVE-2017-7558\");\n script_name(\"Debian Security Advisory DSA 3981-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 00:00:00 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3981.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u5.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7518\nAndy Lutomirski discovered that KVM is prone to an incorrect debug\nexception (#DB) error occurring while emulating a syscall\ninstruction. A process inside a guest can take advantage of this\nflaw for privilege escalation inside a guest.\n\nCVE-2017-7558 (stretch only)\n\nStefano Brivio of Red Hat discovered that the SCTP subsystem is\nprone to a data leak vulnerability due to an out-of-bounds read\nflaw, allowing to leak up to 100 uninitialized bytes to userspace.\n\nCVE-2017-10661 (jessie only)\n\nDmitry Vyukov of Google reported that the timerfd facility does\nnot properly handle certain concurrent operations on a single file\ndescriptor. This allows a local attacker to cause a denial of\nservice or potentially execute arbitrary code.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x-dbg\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.30-2+deb9u5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:06:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-12T00:00:00", "id": "OPENVAS:1361412562310874427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874427", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-884a105c04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_884a105c04_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-884a105c04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 06:00:51 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-884a105c04\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-884a105c04\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM3JVAHYMEV65VTITHNUM7JTHTN7Q53I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.7~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T17:01:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-18T00:00:00", "id": "OPENVAS:1361412562310874365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874365", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-4ca01704a2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4ca01704a2_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-4ca01704a2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874365\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:54:26 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\", \"CVE-2017-5123\",\n \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\", \"CVE-2017-14497\",\n \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\", \"CVE-2017-14051\",\n \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\", \"CVE-2017-7558\",\n \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-7533\",\n \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-4ca01704a2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4ca01704a2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3MAKT7ZDC6T4B52QFNRBYKWU75JMUX5C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~200.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T17:06:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2018-1120", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2018-10322", "CVE-2017-16650", "CVE-2017-12134", "CVE-2018-10323", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2018-3639", "CVE-2017-17856"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-30T00:00:00", "id": "OPENVAS:1361412562310874619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874619", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-6367a17aa3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6367a17aa3_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-6367a17aa3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874619\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 05:57:30 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-6367a17aa3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6367a17aa3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6U7NCPMTQKKHLC4ZHQCTLYN4LCP2JQ4C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.11~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:47", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7558", "CVE-2017-14497"], "description": "**Issue Overview:**\n\nA buffer overflow was discovered in tpacket_rcv() function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a kernel buffer. This can cause unspecified kernel data corruption effects, including damage of in-memory and on-disk XFS data. ([CVE-2017-14497 __](<https://access.redhat.com/security/cve/CVE-2017-14497>))\n\nA kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. ([CVE-2017-7558 __](<https://access.redhat.com/security/cve/CVE-2017-7558>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.9.51-10.52.amzn1.i686 \n perf-4.9.51-10.52.amzn1.i686 \n kernel-debuginfo-4.9.51-10.52.amzn1.i686 \n kernel-tools-debuginfo-4.9.51-10.52.amzn1.i686 \n kernel-4.9.51-10.52.amzn1.i686 \n kernel-tools-4.9.51-10.52.amzn1.i686 \n kernel-headers-4.9.51-10.52.amzn1.i686 \n kernel-tools-devel-4.9.51-10.52.amzn1.i686 \n kernel-devel-4.9.51-10.52.amzn1.i686 \n perf-debuginfo-4.9.51-10.52.amzn1.i686 \n \n noarch: \n kernel-doc-4.9.51-10.52.amzn1.noarch \n \n src: \n kernel-4.9.51-10.52.amzn1.src \n \n x86_64: \n kernel-debuginfo-4.9.51-10.52.amzn1.x86_64 \n perf-4.9.51-10.52.amzn1.x86_64 \n kernel-headers-4.9.51-10.52.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.9.51-10.52.amzn1.x86_64 \n perf-debuginfo-4.9.51-10.52.amzn1.x86_64 \n kernel-tools-devel-4.9.51-10.52.amzn1.x86_64 \n kernel-devel-4.9.51-10.52.amzn1.x86_64 \n kernel-tools-debuginfo-4.9.51-10.52.amzn1.x86_64 \n kernel-4.9.51-10.52.amzn1.x86_64 \n kernel-tools-4.9.51-10.52.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-10-03T11:00:00", "published": "2017-10-03T11:00:00", "id": "ALAS-2017-901", "href": "https://alas.aws.amazon.com/ALAS-2017-901.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2018-01-27T09:17:53", "bulletinFamily": "info", "cvelist": ["CVE-2017-14496", "CVE-2017-14494", "CVE-2017-14492", "CVE-2017-14491", "CVE-2017-14497", "CVE-2017-14493", "CVE-2017-14495"], "description": "[![dnsmasq-network-services](https://1.bp.blogspot.com/-2cQyXniMsck/WdNFYcK80kI/AAAAAAAAATs/Hw8Biu_t52ceDL-fF5nRzhuzks6wdE7FwCLcBGAs/s1600/Dnsmasq-network-services-software.png)](<https://1.bp.blogspot.com/-2cQyXniMsck/WdNFYcK80kI/AAAAAAAAATs/Hw8Biu_t52ceDL-fF5nRzhuzks6wdE7FwCLcBGAs/s1600/Dnsmasq-network-services-software.png>)\n\nSecurity researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow remote code execution on a vulnerable system and hijack it. \n \nDnsmasq is a widely used lightweight network application tool designed to provide DNS (Domain Name System) forwarder, DHCP (Dynamic Host Configuration Protocol) server, router ads and network boot services for small networks. \n \nDnsmasq comes pre-installed on various devices and operating systems, including Linux distributions such as Ubuntu and Debian, home routers, smartphones and Internet of Things (IoT) devices. A [shodan scan](<https://www.shodan.io/search?query=dnsmasq>) for \"Dnsmasq\" reveals around 1.1 million instances worldwide. \n \nRecently, Google's security team reviewed Dnsmasq and discovered seven security issues, including DNS-related remote code execution, information disclosure, and denial-of-service (DoS) issues that can be triggered via DNS or DHCP. \n\n\n> \"We discovered seven distinct issues (listed below) over the course of our regular internal security assessments,\" Google's security team wrote in a [blog post](<https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html>) published on Monday. \n\n> \"Once we determined the severity of these issues, we worked to investigate their impact and exploitability and then produced internal proofs of concept for each of them. We also worked with the maintainer of Dnsmasq, Simon Kelley, to produce appropriate patches and mitigate the issue.\"\n\nSince the vulnerabilities have now been patched by Dnsmasq developer and maintainer Simon Kelley, Google researchers have released details and [proof-of-concept (PoC) exploit](<https://github.com/google/security-research-pocs/tree/master/vulnerabilities/dnsmasq>) code for each of the vulnerabilities. \n \nOut of seven vulnerabilities discovered by the team, three can be exploited to perform remote code execution, three can be used in denial of service attacks, and one information leakage flaw. \n \n\n\n### Here's the List of All Vulnerabilities:\n\n[![dnsmasq-network-services](https://4.bp.blogspot.com/-lAbjfYbnFZY/WdNCVQty1rI/AAAAAAAAATg/D7FpWKnIE9IG8q_oQWx9Fs0ReaydOeviwCLcBGAs/s1600/Dnsmasq-network-services.png)](<https://4.bp.blogspot.com/-lAbjfYbnFZY/WdNCVQty1rI/AAAAAAAAATg/D7FpWKnIE9IG8q_oQWx9Fs0ReaydOeviwCLcBGAs/s1600/Dnsmasq-network-services.png>)\n\n \n \n\n\n * **CVE-2017-14491**\u2014A DNS-based remote code execution vulnerability in Dnsmasq versions before 2.76 is marked as the most severe that allows for unrestricted heap overflows, affecting both directly exposed and internal network setups.\n * **CVE-2017-14492**\u2014Another remote code execution vulnerability due to a DHCP-based heap overflow issue.\n * **CVE-2017-14493**\u2014Another noteworthy DHCP-based remote code execution bug caused by a stack buffer overflow. According to Google, this flaw is trivial to exploit if it's used in conjunction with the flaw (CVE-2017-14494) mentioned below.\n * **CVE-2017-14494**\u2014An information leak in DHCP which can be combined with CVE-2017-14493 to allow attackers bypass ASLR security mechanism and execute arbitrary code on a target system.\n * **CVE-2017-14495**\u2014A flaw in Dnsmasq which can be exploited to launch a denial of service (DoS) attack by exhausting memory via DNS. The flaw impacts dnsmasq only if one of these options is used: --add-mac, --add-cpe-id or --add-subnet.\n * **CVE-2017-14496**\u2014Google's Android operating system is specifically affected by this DoS issue which can be exploited by a local hacker or one who is tethered directly to the device. However, Google pointed out the service itself is sandboxed, so the risk to Android users is reduced.\n * **CVE-2017-14497**\u2014Another DoS issue wherein a large DNS query can crash the software.\n \n \nSince all the issues have already been addressed with the release of **[Dnsmasq 2.78](<http://www.thekelleys.org.uk/dnsmasq/>)**, Dnsmasq users are advised to update their installations as soon as possible. \n \nTo patch your devices, make sure to upgrade packages on your system. Google has updated its affected services and released the security fixes to Android partners on 5 September 2017 in October's Android security updates. \n \nOther affected Google services are also claimed to be updated. Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0 have also been updated with a patched Dnsmasq.\n", "modified": "2017-10-03T10:44:32", "published": "2017-10-02T23:44:00", "id": "THN:D2096A5FA799B07E97FD2767D8E6C641", "href": "https://thehackernews.com/2017/10/dnsmasq-network-services.html", "type": "thn", "title": "Google Finds 7 Security Flaws in Widely Used Dnsmasq Network Software", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-10-30T13:25:10", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-12146", "CVE-2017-7518", "CVE-2017-1000252", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-1000370", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000371", "CVE-2017-14497", "CVE-2017-12154", "CVE-2017-11600"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3981-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 20, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600\n CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154\n CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340\n CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111 CVE-2017-1000112\n CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000370 CVE-2017-1000371\n CVE-2017-1000380\nDebian Bug : 866511 875881\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7518\n\n Andy Lutomirski discovered that KVM is prone to an incorrect debug\n exception (#DB) error occurring while emulating a syscall\n instruction. A process inside a guest can take advantage of this\n flaw for privilege escalation inside a guest.\n\nCVE-2017-7558 (stretch only)\n\n Stefano Brivio of Red Hat discovered that the SCTP subsystem is\n prone to a data leak vulnerability due to an out-of-bounds read\n flaw, allowing to leak up to 100 uninitialized bytes to userspace.\n\nCVE-2017-10661 (jessie only)\n\n Dmitry Vyukov of Google reported that the timerfd facility does\n not properly handle certain concurrent operations on a single file\n descriptor. This allows a local attacker to cause a denial of\n service or potentially execute arbitrary code.\n\nCVE-2017-11600\n\n Bo Zhang reported that the xfrm subsystem does not properly\n validate one of the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability can use this to cause a denial\n of service or potentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\n Jan H. Schoenherr of Amazon discovered that when Linux is running\n in a Xen PV domain on an x86 system, it may incorrectly merge\n block I/O requests. A buggy or malicious guest may trigger this\n bug in dom0 or a PV driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:\n echo 2 > /sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12146 (stretch only)\n\n Adrian Salido of Google reported a race condition in access to the\n "driver_override" attribute for platform devices in sysfs. If\n unprivileged users are permitted to access this attribute, this\n might allow them to gain privileges.\n\nCVE-2017-12153\n\n bo Zhang reported that the cfg80211 (wifi) subsystem does not\n properly validate the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability (in any user namespace with a\n wifi device) can use this to cause a denial of service.\n\nCVE-2017-12154\n\n Jim Mattson of Google reported that the KVM implementation for\n Intel x86 processors did not correctly handle certain nested\n hypervisor configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\n Andrey Konovalov discovered that a user-triggerable division by\n zero in the tcp_disconnect() function could result in local denial\n of service.\n\nCVE-2017-14140\n\n Otto Ebeling reported that the move_pages() system call performed\n insufficient validation of the UIDs of the calling and target\n processes, resulting in a partial ASLR bypass. This made it easier\n for local users to exploit vulnerabilities in programs installed\n with the set-UID permission bit set.\n\nCVE-2017-14156\n\n "sohu0106" reported an information leak in the atyfb video driver.\n A local user with access to a framebuffer device handled by this\n driver could use this to obtain sensitive information.\n\nCVE-2017-14340\n\n Richard Wareing discovered that the XFS implementation allows the\n creation of files with the "realtime" flag on a filesystem with no\n realtime device, which can result in a crash (oops). A local user\n with access to an XFS filesystem that does not have a realtime\n device can use this for denial of service.\n\nCVE-2017-14489\n\n ChunYu Wang of Red Hat discovered that the iSCSI subsystem does not\n properly validate the length of a netlink message, leading to\n memory corruption. A local user with permission to manage iSCSI\n devices can use this for denial of service or possibly to execute\n arbitrary code.\n\nCVE-2017-14497 (stretch only)\n\n Benjamin Poirier of SUSE reported that vnet headers are not\n properly handled within the tpacket_rcv() function in the raw\n packet (af_packet) feature. A local user with the CAP_NET_RAW\n capability can take advantage of this flaw to cause a denial of\n service (buffer overflow, and disk and memory corruption) or have\n other impact.\n\nCVE-2017-1000111\n\n Andrey Konovalov of Google reported a race condition in the raw\n packet (af_packet) feature. Local users with the CAP_NET_RAW\n capability can use this for denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000112\n\n Andrey Konovalov of Google reported a race condition flaw in the\n UDP Fragmentation Offload (UFO) code. A local user can use this\n flaw for denial of service or possibly to execute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\n Armis Labs discovered that the Bluetooth subsystem does not\n properly validate L2CAP configuration responses, leading to a\n stack buffer overflow. This is one of several vulnerabilities\n dubbed "Blueborne". A nearby attacker can use this to cause a\n denial of service or possibly to execute arbitrary code on a\n system with Bluetooth enabled.\n\nCVE-2017-1000252 (stretch only)\n\n Jan H. Schoenherr of Amazon reported that the KVM implementation\n for Intel x86 processors did not correctly validate interrupt\n injection requests. A local user with permission to use KVM could\n use this for denial of service.\n\nCVE-2017-1000370\n\n The Qualys Research Labs reported that a large argument or\n environment list can result in ASLR bypass for 32-bit PIE binaries.\n\nCVE-2017-1000371\n\n The Qualys Research Labs reported that a large argument\n orenvironment list can result in a stack/heap clash for 32-bit\n PIE binaries.\n\nCVE-2017-1000380\n\n Alexander Potapenko of Google reported a race condition in the ALSA\n (sound) timer driver, leading to an information leak. A local user\n with permission to access sound devices could use this to obtain\n sensitive information.\n\nDebian disables unprivileged user namespaces by default, but if they\nare enabled (via the kernel.unprivileged_userns_clone sysctl) then\nCVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited\nby any local user.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u5.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 29, "modified": "2017-09-20T21:36:13", "published": "2017-09-20T21:36:13", "id": "DEBIAN:DSA-3981-1:0F636", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00243.html", "title": "[SECURITY] [DSA 3981-1] linux security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}]}