{"nessus": [{"lastseen": "2021-10-07T01:03:33", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\n - A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption.(CVE-2016-9793)\n\n - A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9794)\n\n - A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) can use this issue to crash the system.(CVE-2017-1000111)\n\n - An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.(CVE-2017-1000112)\n\n - A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64le), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64le the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.(CVE-2017-1000251)\n\n - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (i1/4z1024) index value.(CVE-2017-1000252)\n\n - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.(CVE-2017-1000364)\n\n - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation.(CVE-2017-1000365)\n\n - The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.(CVE-2017-1000370)\n\n - A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space.(CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-10661)\n\n - Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.(CVE-2017-10810)\n\n - The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\n - A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system.(CVE-2017-11176)\n\n - Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.(CVE-2017-11473)\n\n - The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3.(CVE-2017-11600)\n\n - A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash.(CVE-2017-12153)\n\n - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS.(CVE-2017-12154)\n\n - The Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual address(gva). An L1 guest could use this flaw to crash the host kernel resulting in denial of service (DoS) or potentially execute arbitrary code on the host to gain privileges on the system.(CVE-2017-12188)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9754", "CVE-2016-9793", "CVE-2016-9794", "CVE-2016-9806", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000252", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000370", "CVE-2017-1000410", "CVE-2017-10661", "CVE-2017-10810", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-11600", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12188"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1498.NASL", "href": "https://www.tenable.com/plugins/nessus/124821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124821);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9754\",\n \"CVE-2016-9793\",\n \"CVE-2016-9794\",\n \"CVE-2016-9806\",\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\",\n \"CVE-2017-1000251\",\n \"CVE-2017-1000252\",\n \"CVE-2017-1000364\",\n \"CVE-2017-1000365\",\n \"CVE-2017-1000370\",\n \"CVE-2017-1000410\",\n \"CVE-2017-10661\",\n \"CVE-2017-10810\",\n \"CVE-2017-10911\",\n \"CVE-2017-11176\",\n \"CVE-2017-11473\",\n \"CVE-2017-11600\",\n \"CVE-2017-12153\",\n \"CVE-2017-12154\",\n \"CVE-2017-12188\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An integer overflow vulnerability was found in the\n ring_buffer_resize() calculations in which a privileged\n user can adjust the size of the ringbuffer message\n size. These calculations can create an issue where the\n kernel memory allocator will not allocate the correct\n count of pages yet expect them to be usable. This can\n lead to the ftrace() output to appear to corrupt kernel\n memory and possibly be used for privileged escalation\n or more likely kernel panic.(CVE-2016-9754)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption.(CVE-2016-9793)\n\n - A use-after-free vulnerability was found in ALSA pcm\n layer, which allows local users to cause a denial of\n service, memory corruption, or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9794)\n\n - A double free vulnerability was found in netlink_dump,\n which could cause a denial of service or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9806)\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n can use this issue to crash the\n system.(CVE-2017-1000111)\n\n - An exploitable memory corruption flaw was found in the\n Linux kernel. The append path can be erroneously\n switched from UFO to non-UFO in ip_ufo_append_data()\n when building an UFO packet with MSG_MORE option. If\n unprivileged user namespaces are available, this flaw\n can be exploited to gain root\n privileges.(CVE-2017-1000112)\n\n - A stack buffer overflow flaw was found in the way the\n Bluetooth subsystem of the Linux kernel processed\n pending L2CAP configuration responses from a client. On\n systems with the stack protection feature enabled in\n the kernel (CONFIG_CC_STACKPROTECTOR=y, which is\n enabled on all architectures other than s390x and\n ppc64le), an unauthenticated attacker able to initiate\n a connection to a system via Bluetooth could use this\n flaw to crash the system. Due to the nature of the\n stack protection feature, code execution cannot be\n fully ruled out, although we believe it is unlikely. On\n systems without the stack protection feature (ppc64le\n the Bluetooth modules are not built on s390x), an\n unauthenticated attacker able to initiate a connection\n to a system via Bluetooth could use this flaw to\n remotely execute arbitrary code on the system with ring\n 0 (kernel) privileges.(CVE-2017-1000251)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (i1/4z1024) index value.(CVE-2017-1000252)\n\n - A flaw was found in the way memory was being allocated\n on the stack for user space binaries. If heap (or\n different memory region) and stack memory regions were\n adjacent to each other, an attacker could use this flaw\n to jump over the stack guard gap, cause controlled\n memory corruption on process stack or the adjacent\n memory region, and thus increase their privileges on\n the system. This is a kernel-side mitigation which\n increases the stack guard gap size from one page to 1\n MiB to make successful exploitation of this issue more\n difficult.(CVE-2017-1000364)\n\n - The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY, but does not take the\n argument and environment pointers into account, which\n allows attackers to bypass this\n limitation.(CVE-2017-1000365)\n\n - The offset2lib patch as used in the Linux Kernel\n contains a vulnerability that allows a PIE binary to be\n execve()'ed with 1GB of arguments or environmental\n strings then the stack occupies the address 0x80000000\n and the PIE binary is mapped above 0x40000000\n nullifying the protection of the offset2lib patch. This\n affects Linux Kernel version 4.11.5 and earlier. This\n is a different issue than CVE-2017-1000371. This issue\n appears to be limited to i386 based\n systems.(CVE-2017-1000370)\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. Uninitialized stack variables can\n be sent to an attacker leaking data in kernel address\n space.(CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before\n version 4.11-rc1 in 'fs/timerfd.c' file which allows a\n local user to cause a kernel list corruption or\n use-after-free via simultaneous operations with a file\n descriptor which leverage improper 'might_cancel'\n queuing. An unprivileged local user could use this flaw\n to cause a denial of service of the system. Due to the\n nature of the flaw, privilege escalation cannot be\n fully ruled out, although we believe it is\n unlikely.(CVE-2017-10661)\n\n - Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel through 4.11.8 allows attackers to cause a\n denial of service (memory consumption) by triggering\n object-initialization failures.(CVE-2017-10810)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the\n system.(CVE-2017-11176)\n\n - Buffer overflow in the mp_override_legacy_irq()\n function in arch/x86/kernel/acpi/boot.c in the Linux\n kernel through 4.12.2 allows local users to gain\n privileges via a crafted ACPI table.(CVE-2017-11473)\n\n - The xfrm_migrate() function in the\n net/xfrm/xfrm_policy.c file in the Linux kernel built\n with CONFIG_XFRM_MIGRATE does not verify if the dir\n parameter is less than XFRM_POLICY_MAX. This allows a\n local attacker to cause a denial of service\n (out-of-bounds access) or possibly have unspecified\n other impact by sending a XFRM_MSG_MIGRATE netlink\n message. This flaw is present in the Linux kernel since\n an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up\n to 4.13-rc3.(CVE-2017-11600)\n\n - A security flaw was discovered in\n nl80211_set_rekey_data() function in the Linux kernel\n since v3.1-rc1 through v4.13. This function does not\n check whether the required attributes are present in a\n netlink request. This request can be issued by a user\n with CAP_NET_ADMIN privilege and may result in NULL\n dereference and a system crash.(CVE-2017-12153)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization (nVMX) feature\n enabled (nested=1), is vulnerable to a crash due to\n disabled external interrupts. As L2 guest could access\n (r/w) hardware CR8 register of the host(L0). In a\n nested visualization setup, L2 guest user could use\n this flaw to potentially crash the host(L0) resulting\n in DoS.(CVE-2017-12154)\n\n - The Linux kernel built with the KVM visualization\n support (CONFIG_KVM), with nested visualization(nVMX)\n feature enabled (nested=1), was vulnerable to a stack\n buffer overflow issue. The vulnerability could occur\n while traversing guest page table entries to resolve\n guest virtual address(gva). An L1 guest could use this\n flaw to crash the host kernel resulting in denial of\n service (DoS) or potentially execute arbitrary code on\n the host to gain privileges on the\n system.(CVE-2017-12188)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1498\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e495b75\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000251\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T14:18:15", "description": "The 4.12.13 stable kernel update contains a number of important fixes across the tree.\n\n----\n\nThe 4.12.12 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2017-e07d7fb18e) (BlueBorne)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000251", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-E07D7FB18E.NASL", "href": "https://www.tenable.com/plugins/nessus/103394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-e07d7fb18e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103394);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n script_xref(name:\"FEDORA\", value:\"2017-e07d7fb18e\");\n\n script_name(english:\"Fedora 25 : kernel (2017-e07d7fb18e) (BlueBorne)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.12.13 stable kernel update contains a number of important fixes\nacross the tree.\n\n----\n\nThe 4.12.12 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e07d7fb18e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-e07d7fb18e\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.12.13-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:22", "description": "The 4.12.13 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-18T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2017-7369ea045c) (BlueBorne)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000251", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-7369EA045C.NASL", "href": "https://www.tenable.com/plugins/nessus/103264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-7369ea045c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103264);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n script_xref(name:\"FEDORA\", value:\"2017-7369ea045c\");\n\n script_name(english:\"Fedora 26 : kernel (2017-7369ea045c) (BlueBorne)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.12.13 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7369ea045c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000251\", \"CVE-2017-12153\", \"CVE-2017-12154\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-7369ea045c\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.12.13-300.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:02", "description": "Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112)\n\nheap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)\n\nThe mq_notify function in the Linux kernel does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact.\n(CVE-2017-11176 )", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-868)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-11176"], "modified": "2019-06-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo"], "id": "ALA_ALAS-2017-868.NASL", "href": "https://www.tenable.com/plugins/nessus/102367", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-868.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102367);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/06/10 11:30:32\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-11176\");\n script_xref(name:\"ALAS\", value:\"2017-868\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-868)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Exploitable memory corruption due to UFO to non-UFO path switch\n(CVE-2017-1000112)\n\nheap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)\n\nThe mq_notify function in the Linux kernel does not set the sock\npointer to NULL upon entry into the retry logic. During a user-space\nclose of a Netlink socket, it allows attackers to possibly cause a\nsituation where a value may be used after being freed (use-after-free)\nwhich may lead to memory corruption or other unspecified other impact.\n(CVE-2017-11176 )\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-868.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.38-16.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.38-16.35.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:36", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.90 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the 'CR8-load exiting' and 'CR8-store exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR shadow' vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507).\n\nThe following non-security bugs were fixed :\n\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n\n - arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382).\n\n - arm64: Make sure SPsel is always set (bnc#1012382).\n\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n\n - bcache: correct cache_dirty_target in\n __update_writeback_rate() (bnc#1012382).\n\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n\n - bcache: fix for gc and write-back race (bnc#1012382).\n\n - bcache: Fix leak of bdev reference (bnc#1012382).\n\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n\n - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).\n\n - btrfs: change how we decide to commit transactions during flushing (bsc#1060197).\n\n - btrfs: fix NULL pointer dereference from free_reloc_roots() (bnc#1012382).\n\n - btrfs: prevent to set invalid default subvolid (bnc#1012382).\n\n - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).\n\n - btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755).\n\n - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).\n\n - cifs: release auth_key.response for reconnect (bnc#1012382).\n\n - crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382).\n\n - crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382).\n\n - crypto: talitos - fix sha224 (bnc#1012382).\n\n - cxl: Fix driver use count (bnc#1012382).\n\n - dmaengine: mmp-pdma: add number of requestors (bnc#1012382).\n\n - drivers: net: phy: xgene: Fix mdio write (bsc#1057383).\n\n - drm: Add driver-private objects to atomic state (bsc#1055493).\n\n - drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493).\n\n - efi/fb: Avoid reconfiguration of BAR that covers the framebuffer (bsc#1051987).\n\n - efi/fb: Correct PCI_STD_RESOURCE_END usage (bsc#1051987).\n\n - ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382).\n\n - ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382).\n\n - f2fs: check hot_data for roll-forward recovery (bnc#1012382).\n\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382).\n\n - ftrace: Fix selftest goto location on error (bnc#1012382).\n\n - genirq: Fix for_each_action_of_desc() macro (bsc#1061064).\n\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967).\n\n - input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382).\n\n - iommu/vt-d: Avoid calling virt_to_phys() on NULL pointer (bsc#1061067).\n\n - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (bnc#1012382).\n\n - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).\n\n - ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382).\n\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n\n - iw_cxgb4: put ep reference in pass_accept_req() (fate#321658 bsc#1005778 fate#321660 bsc#1005780 fate#321661 bsc#1005781).\n\n - KABI fix drivers/nvme/target/nvmet.h (bsc#1058550).\n\n - kabi/severities: ignore nfs_pgio_data_destroy\n\n - kABI: Workaround kABI breakage of AMD-AVIC fixes (bsc#1044503).\n\n - keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382).\n\n - keys: prevent creating a different user's keyrings (bnc#1012382).\n\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n\n - kvm: Add struct kvm_vcpu pointer parameter to get_enable_apicv() (bsc#1044503).\n\n - kvm: async_pf: Fix #DF due to inject 'Page not Present' and 'Page Ready' exceptions simultaneously (bsc#1061017).\n\n - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() (bnc#1012382).\n\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n\n - kvm: SVM: Add irqchip_split() checks before enabling AVIC (bsc#1044503).\n\n - kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static array) (bsc#1059500).\n\n - kvm: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu() (bsc#1044503).\n\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).\n\n - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt (bsc#1061017).\n\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n\n - mac80211: flush hw_roc_start work before cancelling the ROC (bnc#1012382).\n\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).\n\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list (bnc#1012382).\n\n - md/raid5: release/flush io in raid5_do_work() (bnc#1012382).\n\n - media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation (bnc#1012382).\n\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative (bnc#1012382).\n\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs (bnc#1012382).\n\n - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).\n\n - nfsd: Fix general protection fault in release_lock_stateid() (bnc#1012382).\n\n - nvme-fabrics: generate spec-compliant UUID NQNs (bsc#1057498).\n\n - nvmet: Move serial number from controller to subsystem (bsc#1058550).\n\n - nvmet: preserve controller serial number between reboots (bsc#1058550).\n\n - pci: Allow PCI express root ports to find themselves (bsc#1061046).\n\n - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).\n\n - pci: Fix race condition with driver_override (bnc#1012382).\n\n - pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046).\n\n - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).\n\n - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).\n\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs.\n mm_struct tracking' (bsc#1061831).\n\n - perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver (bsc#1036737).\n\n - perf: xgene: Include module.h (bsc#1036737).\n\n - perf: xgene: Move PMU leaf functions into function pointer structure (bsc#1036737).\n\n - perf: xgene: Parse PMU subnode from the match table (bsc#1036737).\n\n - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).\n\n - powerpc/perf: Cleanup of PM_BR_CMPL vs. PM_BRU_CMPL in Power9 event list (bsc#1056686, fate#321438, bsc#1047238, git-fixes 34922527a2bc).\n\n - powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code from power8 (fate#321438, bsc#1053043, git-fixes efe881afdd999).\n\n - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() (bnc#1012382).\n\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n\n - rdma/bnxt_re: Allocate multiple notification queues (bsc#1037579).\n\n - rdma/bnxt_re: Implement the alloc/get_hw_stats callback (bsc#1037579).\n\n - Revert 'net: fix percpu memory leaks' (bnc#1012382).\n\n - Revert 'net: phy: Correctly process PHY_HALTED in phy_stop_machine()' (bnc#1012382).\n\n - Revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (bnc#1012382).\n\n - Revert 'Update patches.fixes/xfs-refactor-log-record-unpack-and-data-pr ocessing.patch (bsc#1043598, bsc#1036215).' \n\n - Revert 'xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).'\n\n - Revert 'xfs: detect and trim torn writes during log recovery (bsc#1036215).' \n\n - Revert 'xfs: refactor and open code log record crc check (bsc#1036215).'\n\n - Revert 'xfs: refactor log record start detection into a new helper (bsc#1036215).'\n\n - Revert 'xfs: return start block of first bad log record during recovery (bsc#1036215).'\n\n - Revert 'xfs: support a crc verification only log record pass (bsc#1036215).'\n\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).\n\n - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382).\n\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).\n\n - scsi: sg: factor out sg_fill_request_table() (bnc#1012382).\n\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).\n\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n\n - scsi: sg: use standard lists for sg_requests (bnc#1012382).\n\n - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).\n\n - scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890).\n\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (bnc#1012382).\n\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382).\n\n - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382).\n\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382).\n\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382).\n\n - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382).\n\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382).\n\n - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN (bnc#1012382).\n\n - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() (bnc#1012382).\n\n - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).\n\n - skd: Submit requests to firmware before triggering the doorbell (bnc#1012382).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).\n\n - smb: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382).\n\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).\n\n - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382).\n\n - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).\n\n - tracing: Erase irqsoff trace with empty write (bnc#1012382).\n\n - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).\n\n - tty: fix __tty_insert_flip_char regression (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() fast path (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() slow path (bnc#1012382).\n\n - Update patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-chec k.patch (bsc#1036737).\n\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets (bnc#1012382).\n\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382).\n\n - Workaround for kABI compatibility with DP-MST patches (bsc#1055493).\n\n - x86/cpu/amd: Hide unused legacy_fixup_core_id() function (bsc#1060229).\n\n - x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h (bsc#1060229).\n\n - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).\n\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382).\n\n - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).\n\n - x86/mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (bsc#1058512).\n\n - x86/mm: Fix fault error path using unsafe vma pointer (fate#321300).", "cvss3": {}, "published": "2017-10-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-1160)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000252", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-14489"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1160.NASL", "href": "https://www.tenable.com/plugins/nessus/104075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1160.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104075);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14489\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1160)\");\n script_summary(english:\"Check for the openSUSE-2017-1160 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.90 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel This function\n did not check whether the required attributes are\n present in a Netlink request. This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\nThe following non-security bugs were fixed :\n\n - arc: Re-enable MMU upon Machine Check exception\n (bnc#1012382).\n\n - arm64: fault: Route pte translation faults via\n do_translation_fault (bnc#1012382).\n\n - arm64: Make sure SPsel is always set (bnc#1012382).\n\n - arm: pxa: add the number of DMA requestor lines\n (bnc#1012382).\n\n - arm: pxa: fix the number of DMA requestor lines\n (bnc#1012382).\n\n - bcache: correct cache_dirty_target in\n __update_writeback_rate() (bnc#1012382).\n\n - bcache: Correct return value for sysfs attach errors\n (bnc#1012382).\n\n - bcache: do not subtract sectors_to_gc for bypassed IO\n (bnc#1012382).\n\n - bcache: fix bch_hprint crash and improve output\n (bnc#1012382).\n\n - bcache: fix for gc and write-back race (bnc#1012382).\n\n - bcache: Fix leak of bdev reference (bnc#1012382).\n\n - bcache: initialize dirty stripes in flash_dev_run()\n (bnc#1012382).\n\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n\n - bsg-lib: do not free job in bsg_prepare_job\n (bnc#1012382).\n\n - btrfs: change how we decide to commit transactions\n during flushing (bsc#1060197).\n\n - btrfs: fix NULL pointer dereference from\n free_reloc_roots() (bnc#1012382).\n\n - btrfs: prevent to set invalid default subvolid\n (bnc#1012382).\n\n - btrfs: propagate error to btrfs_cmp_data_prepare caller\n (bnc#1012382).\n\n - btrfs: qgroup: move noisy underflow warning to debugging\n build (bsc#1055755).\n\n - cifs: Fix SMB3.1.1 guest authentication to Samba\n (bnc#1012382).\n\n - cifs: release auth_key.response for reconnect\n (bnc#1012382).\n\n - crypto: AF_ALG - remove SGL terminator indicator when\n chaining (bnc#1012382).\n\n - crypto: talitos - Do not provide setkey for non hmac\n hashing algs (bnc#1012382).\n\n - crypto: talitos - fix sha224 (bnc#1012382).\n\n - cxl: Fix driver use count (bnc#1012382).\n\n - dmaengine: mmp-pdma: add number of requestors\n (bnc#1012382).\n\n - drivers: net: phy: xgene: Fix mdio write (bsc#1057383).\n\n - drm: Add driver-private objects to atomic state\n (bsc#1055493).\n\n - drm/dp: Introduce MST topology state to track available\n link bandwidth (bsc#1055493).\n\n - efi/fb: Avoid reconfiguration of BAR that covers the\n framebuffer (bsc#1051987).\n\n - efi/fb: Correct PCI_STD_RESOURCE_END usage\n (bsc#1051987).\n\n - ext4: fix incorrect quotaoff if the quota feature is\n enabled (bnc#1012382).\n\n - ext4: fix quota inconsistency during orphan cleanup for\n read-only mounts (bnc#1012382).\n\n - f2fs: check hot_data for roll-forward recovery\n (bnc#1012382).\n\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bnc#1012382).\n\n - ftrace: Fix selftest goto location on error\n (bnc#1012382).\n\n - genirq: Fix for_each_action_of_desc() macro\n (bsc#1061064).\n\n - getcwd: Close race with d_move called by lustre\n (bsc#1052593).\n\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM\n switch (bnc#1022967).\n\n - input: i8042 - add Gigabyte P57 to the keyboard reset\n table (bnc#1012382).\n\n - iommu/vt-d: Avoid calling virt_to_phys() on NULL pointer\n (bsc#1061067).\n\n - ipv6: accept 64k - 1 packet length in\n ip6_find_1stfragopt() (bnc#1012382).\n\n - ipv6: add rcu grace period before freeing fib6_node\n (bnc#1012382).\n\n - ipv6: fix memory leak with multiple tables during netns\n destruction (bnc#1012382).\n\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n\n - iw_cxgb4: put ep reference in pass_accept_req()\n (fate#321658 bsc#1005778 fate#321660 bsc#1005780\n fate#321661 bsc#1005781).\n\n - KABI fix drivers/nvme/target/nvmet.h (bsc#1058550).\n\n - kabi/severities: ignore nfs_pgio_data_destroy\n\n - kABI: Workaround kABI breakage of AMD-AVIC fixes\n (bsc#1044503).\n\n - keys: fix writing past end of user-supplied buffer in\n keyring_read() (bnc#1012382).\n\n - keys: prevent creating a different user's keyrings\n (bnc#1012382).\n\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n\n - kvm: Add struct kvm_vcpu pointer parameter to\n get_enable_apicv() (bsc#1044503).\n\n - kvm: async_pf: Fix #DF due to inject 'Page not Present'\n and 'Page Ready' exceptions simultaneously\n (bsc#1061017).\n\n - kvm: PPC: Book3S: Fix race and leak in\n kvm_vm_ioctl_create_spapr_tce() (bnc#1012382).\n\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n\n - kvm: SVM: Add irqchip_split() checks before enabling\n AVIC (bsc#1044503).\n\n - kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static\n array) (bsc#1059500).\n\n - kvm: SVM: Refactor AVIC vcpu initialization into\n avic_init_vcpu() (bsc#1044503).\n\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte()\n (bsc#1061017).\n\n - kvm: VMX: remove WARN_ON_ONCE in\n kvm_vcpu_trigger_posted_interrupt (bsc#1061017).\n\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n\n - mac80211: flush hw_roc_start work before cancelling the\n ROC (bnc#1012382).\n\n - md/bitmap: disable bitmap_resize for file-backed bitmaps\n (bsc#1061172).\n\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in\n break_stripe_batch_list (bnc#1012382).\n\n - md/raid5: release/flush io in raid5_do_work()\n (bnc#1012382).\n\n - media: uvcvideo: Prevent heap overflow when accessing\n mapped controls (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: Fix timespec conversion\n (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both\n infinite inputs (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input\n values with opposite signs (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of\n both inputs zero (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN\n propagation (bnc#1012382).\n\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both\n inputs negative (bnc#1012382).\n\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity\n and zero inputs (bnc#1012382).\n\n - mm: prevent double decrease of nr_reserved_highatomic\n (bnc#1012382).\n\n - nfsd: Fix general protection fault in\n release_lock_stateid() (bnc#1012382).\n\n - nvme-fabrics: generate spec-compliant UUID NQNs\n (bsc#1057498).\n\n - nvmet: Move serial number from controller to subsystem\n (bsc#1058550).\n\n - nvmet: preserve controller serial number between reboots\n (bsc#1058550).\n\n - pci: Allow PCI express root ports to find themselves\n (bsc#1061046).\n\n - pci: fix oops when try to find Root Port for a PCI\n device (bsc#1061046).\n\n - pci: Fix race condition with driver_override\n (bnc#1012382).\n\n - pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046).\n\n - pci: shpchp: Enable bridge bus mastering if MSI is\n enabled (bnc#1012382).\n\n - perf/x86: Fix RDPMC vs. mm_struct tracking\n (bsc#1061831).\n\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs.\n mm_struct tracking' (bsc#1061831).\n\n - perf: xgene: Add APM X-Gene SoC Performance Monitoring\n Unit driver (bsc#1036737).\n\n - perf: xgene: Include module.h (bsc#1036737).\n\n - perf: xgene: Move PMU leaf functions into function\n pointer structure (bsc#1036737).\n\n - perf: xgene: Parse PMU subnode from the match table\n (bsc#1036737).\n\n - powerpc: Fix DAR reporting when alignment handler faults\n (bnc#1012382).\n\n - powerpc/perf: Cleanup of PM_BR_CMPL vs. PM_BRU_CMPL in\n Power9 event list (bsc#1056686, fate#321438,\n bsc#1047238, git-fixes 34922527a2bc).\n\n - powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code\n from power8 (fate#321438, bsc#1053043, git-fixes\n efe881afdd999).\n\n - powerpc/pseries: Fix parent_dn reference leak in\n add_dt_node() (bnc#1012382).\n\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n\n - rdma/bnxt_re: Allocate multiple notification queues\n (bsc#1037579).\n\n - rdma/bnxt_re: Implement the alloc/get_hw_stats callback\n (bsc#1037579).\n\n - Revert 'net: fix percpu memory leaks' (bnc#1012382).\n\n - Revert 'net: phy: Correctly process PHY_HALTED in\n phy_stop_machine()' (bnc#1012382).\n\n - Revert 'net: use lib/percpu_counter API for\n fragmentation mem accounting' (bnc#1012382).\n\n - Revert 'Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-pr\n ocessing.patch (bsc#1043598, bsc#1036215).' \n\n - Revert 'xfs: detect and handle invalid iclog size set by\n mkfs (bsc#1043598).'\n\n - Revert 'xfs: detect and trim torn writes during log\n recovery (bsc#1036215).' \n\n - Revert 'xfs: refactor and open code log record crc check\n (bsc#1036215).'\n\n - Revert 'xfs: refactor log record start detection into a\n new helper (bsc#1036215).'\n\n - Revert 'xfs: return start block of first bad log record\n during recovery (bsc#1036215).'\n\n - Revert 'xfs: support a crc verification only log record\n pass (bsc#1036215).'\n\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure\n (bsc#1059465).\n\n - scsi: megaraid_sas: Check valid aen class range to avoid\n kernel panic (bnc#1012382).\n\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead\n (bnc#1012382).\n\n - scsi: sg: factor out sg_fill_request_table()\n (bnc#1012382).\n\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE\n (bnc#1012382).\n\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n\n - scsi: sg: use standard lists for sg_requests\n (bnc#1012382).\n\n - scsi: storvsc: fix memory leak on ring buffer busy\n (bnc#1012382).\n\n - scsi_transport_fc: Also check for NOTPRESENT in\n fc_remote_port_add() (bsc#1037890).\n\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp\n ingress path (bnc#1012382).\n\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN\n response trace records (bnc#1012382).\n\n - scsi: zfcp: fix missing trace records for early returns\n in TMF eh handlers (bnc#1012382).\n\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to\n correlate with HBA (bnc#1012382).\n\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI\n trace records (bnc#1012382).\n\n - scsi: zfcp: fix queuecommand for scsi_eh commands when\n DIX enabled (bnc#1012382).\n\n - scsi: zfcp: trace HBA FSF response by default on dismiss\n or timedout late response (bnc#1012382).\n\n - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN\n (bnc#1012382).\n\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n\n - skd: Avoid that module unloading triggers a\n use-after-free (bnc#1012382).\n\n - skd: Submit requests to firmware before triggering the\n doorbell (bnc#1012382).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags\n (bnc#1012382).\n\n - smb: Validate negotiate (to protect against downgrade)\n even if signing off (bnc#1012382).\n\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback\n (bnc#1012382).\n\n - timer/sysclt: Restrict timer migration sysctl values to\n 0 and 1 (bnc#1012382).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bnc#1012382).\n\n - tracing: Erase irqsoff trace with empty write\n (bnc#1012382).\n\n - tracing: Fix trace_pipe behavior for instance traces\n (bnc#1012382).\n\n - tty: fix __tty_insert_flip_char regression\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() fast path\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() slow path\n (bnc#1012382).\n\n - Update\n patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-chec\n k.patch (bsc#1036737).\n\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA\n offsets (bnc#1012382).\n\n - video: fbdev: aty: do not leak uninitialized padding in\n clk to userspace (bnc#1012382).\n\n - Workaround for kABI compatibility with DP-MST patches\n (bsc#1055493).\n\n - x86/cpu/amd: Hide unused legacy_fixup_core_id() function\n (bsc#1060229).\n\n - x86/cpu/amd: Limit cpu_core_id fixup to families older\n than F17h (bsc#1060229).\n\n - x86/fpu: Do not let userspace set bogus xcomp_bv\n (bnc#1012382).\n\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in\n core dumps (bnc#1012382).\n\n - x86/ldt: Fix off by one in get_segment_base()\n (bsc#1061872).\n\n - x86/mm: Fix boot crash caused by incorrect loop count\n calculation in sync_global_pgds() (bsc#1058512).\n\n - x86/mm: Fix fault error path using unsafe vma pointer\n (fate#321300).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.90-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.90-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.90-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.90-28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:37", "description": "The openSUSE Leap 42.2 Kernel was updated to 4.4.90 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the 'CR8-load exiting' and 'CR8-store exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR shadow' vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507).\n\nThe following non-security bugs were fixed :\n\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n\n - arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382).\n\n - arm64: Make sure SPsel is always set (bnc#1012382).\n\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n\n - bcache: correct cache_dirty_target in\n __update_writeback_rate() (bnc#1012382).\n\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n\n - bcache: fix for gc and write-back race (bnc#1012382).\n\n - bcache: Fix leak of bdev reference (bnc#1012382).\n\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n\n - blacklist.conf: Add commit b5accbb0dfae\n\n - blacklist.conf: add one more\n\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n\n - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).\n\n - btrfs: change how we decide to commit transactions during flushing (bsc#1060197).\n\n - btrfs: fix NULL pointer dereference from free_reloc_roots() (bnc#1012382).\n\n - btrfs: prevent to set invalid default subvolid (bnc#1012382).\n\n - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).\n\n - btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755).\n\n - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).\n\n - cifs: release auth_key.response for reconnect (bnc#1012382).\n\n - crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382).\n\n - crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382).\n\n - crypto: talitos - fix sha224 (bnc#1012382).\n\n - cxl: Fix driver use count (bnc#1012382).\n\n - dmaengine: mmp-pdma: add number of requestors (bnc#1012382).\n\n - drm: Add driver-private objects to atomic state (bsc#1055493).\n\n - drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493).\n\n - ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382).\n\n - ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382).\n\n - f2fs: check hot_data for roll-forward recovery (bnc#1012382).\n\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382).\n\n - ftrace: Fix selftest goto location on error (bnc#1012382).\n\n - genirq: Fix for_each_action_of_desc() macro (bsc#1061064).\n\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967).\n\n - input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382).\n\n - iommu/vt-d: Avoid calling virt_to_phys() on NULL pointer (bsc#1061067).\n\n - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (bnc#1012382).\n\n - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).\n\n - ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382).\n\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n\n - kabi/severities: ignore nfs_pgio_data_destroy\n\n - keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382).\n\n - keys: prevent creating a different user's keyrings (bnc#1012382).\n\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n\n - kvm: async_pf: Fix #DF due to inject 'Page not Present' and 'Page Ready' exceptions simultaneously (bsc#1061017).\n\n - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() (bnc#1012382).\n\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).\n\n - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt (bsc#1061017).\n\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n\n - mac80211: flush hw_roc_start work before cancelling the ROC (bnc#1012382).\n\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).\n\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list (bnc#1012382).\n\n - md/raid5: release/flush io in raid5_do_work() (bnc#1012382).\n\n - media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation (bnc#1012382).\n\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative (bnc#1012382).\n\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs (bnc#1012382).\n\n - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).\n\n - nfsd: Fix general protection fault in release_lock_stateid() (bnc#1012382).\n\n - pci: Allow PCI express root ports to find themselves (bsc#1061046).\n\n - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).\n\n - pci: Fix race condition with driver_override (bnc#1012382).\n\n - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).\n\n - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).\n\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs.\n mm_struct tracking' (bsc#1061831).\n\n - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).\n\n - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() (bnc#1012382).\n\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n\n - Revert 'net: fix percpu memory leaks' (bnc#1012382).\n\n - Revert 'net: phy: Correctly process PHY_HALTED in phy_stop_machine()' (bnc#1012382).\n\n - Revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (bnc#1012382).\n\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).\n\n - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382).\n\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).\n\n - scsi: sg: factor out sg_fill_request_table() (bnc#1012382).\n\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).\n\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n\n - scsi: sg: use standard lists for sg_requests (bnc#1012382).\n\n - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).\n\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (bnc#1012382).\n\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382).\n\n - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382).\n\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382).\n\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382).\n\n - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382).\n\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382).\n\n - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN (bnc#1012382).\n\n - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() (bnc#1012382).\n\n - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).\n\n - skd: Submit requests to firmware before triggering the doorbell (bnc#1012382).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).\n\n - smb: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382).\n\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).\n\n - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382).\n\n - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).\n\n - tracing: Erase irqsoff trace with empty write (bnc#1012382).\n\n - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).\n\n - tty: fix __tty_insert_flip_char regression (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() fast path (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() slow path (bnc#1012382).\n\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets (bnc#1012382).\n\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382).\n\n - Workaround for kABI compatibility with DP-MST patches (bsc#1055493).\n\n - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).\n\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382).\n\n - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).\n\n - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage (bsc#1055896).", "cvss3": {}, "published": "2017-10-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-1159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000252", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-14489"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-1159.NASL", "href": "https://www.tenable.com/plugins/nessus/104074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1159.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104074);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14489\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1159)\");\n script_summary(english:\"Check for the openSUSE-2017-1159 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.2 Kernel was updated to 4.4.90 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (assertion failure, and hypervisor hang or crash) via an\n out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel\n allowed local users to cause a denial of service (panic)\n by leveraging incorrect length validation (bnc#1059051).\n\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in\n net/wireless/nl80211.c in the Linux kernel This function\n did not check whether the required attributes are\n present in a Netlink request. This request can be issued\n by a user with the CAP_NET_ADMIN capability and may\n result in a NULL pointer dereference and system crash\n (bnc#1058410).\n\n - CVE-2017-12154: The prepare_vmcs02 function in\n arch/x86/kvm/vmx.c in the Linux kernel did not ensure\n that the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allowed KVM L2 guest\n OS users to obtain read and write access to the hardware\n CR8 register (bnc#1058507).\n\nThe following non-security bugs were fixed :\n\n - arc: Re-enable MMU upon Machine Check exception\n (bnc#1012382).\n\n - arm64: fault: Route pte translation faults via\n do_translation_fault (bnc#1012382).\n\n - arm64: Make sure SPsel is always set (bnc#1012382).\n\n - arm: pxa: add the number of DMA requestor lines\n (bnc#1012382).\n\n - arm: pxa: fix the number of DMA requestor lines\n (bnc#1012382).\n\n - bcache: correct cache_dirty_target in\n __update_writeback_rate() (bnc#1012382).\n\n - bcache: Correct return value for sysfs attach errors\n (bnc#1012382).\n\n - bcache: do not subtract sectors_to_gc for bypassed IO\n (bnc#1012382).\n\n - bcache: fix bch_hprint crash and improve output\n (bnc#1012382).\n\n - bcache: fix for gc and write-back race (bnc#1012382).\n\n - bcache: Fix leak of bdev reference (bnc#1012382).\n\n - bcache: initialize dirty stripes in flash_dev_run()\n (bnc#1012382).\n\n - blacklist.conf: Add commit b5accbb0dfae\n\n - blacklist.conf: add one more\n\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n\n - bsg-lib: do not free job in bsg_prepare_job\n (bnc#1012382).\n\n - btrfs: change how we decide to commit transactions\n during flushing (bsc#1060197).\n\n - btrfs: fix NULL pointer dereference from\n free_reloc_roots() (bnc#1012382).\n\n - btrfs: prevent to set invalid default subvolid\n (bnc#1012382).\n\n - btrfs: propagate error to btrfs_cmp_data_prepare caller\n (bnc#1012382).\n\n - btrfs: qgroup: move noisy underflow warning to debugging\n build (bsc#1055755).\n\n - cifs: Fix SMB3.1.1 guest authentication to Samba\n (bnc#1012382).\n\n - cifs: release auth_key.response for reconnect\n (bnc#1012382).\n\n - crypto: AF_ALG - remove SGL terminator indicator when\n chaining (bnc#1012382).\n\n - crypto: talitos - Do not provide setkey for non hmac\n hashing algs (bnc#1012382).\n\n - crypto: talitos - fix sha224 (bnc#1012382).\n\n - cxl: Fix driver use count (bnc#1012382).\n\n - dmaengine: mmp-pdma: add number of requestors\n (bnc#1012382).\n\n - drm: Add driver-private objects to atomic state\n (bsc#1055493).\n\n - drm/dp: Introduce MST topology state to track available\n link bandwidth (bsc#1055493).\n\n - ext4: fix incorrect quotaoff if the quota feature is\n enabled (bnc#1012382).\n\n - ext4: fix quota inconsistency during orphan cleanup for\n read-only mounts (bnc#1012382).\n\n - f2fs: check hot_data for roll-forward recovery\n (bnc#1012382).\n\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n\n - ftrace: Fix memleak when unregistering dynamic ops when\n tracing disabled (bnc#1012382).\n\n - ftrace: Fix selftest goto location on error\n (bnc#1012382).\n\n - genirq: Fix for_each_action_of_desc() macro\n (bsc#1061064).\n\n - getcwd: Close race with d_move called by lustre\n (bsc#1052593).\n\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM\n switch (bnc#1022967).\n\n - input: i8042 - add Gigabyte P57 to the keyboard reset\n table (bnc#1012382).\n\n - iommu/vt-d: Avoid calling virt_to_phys() on NULL pointer\n (bsc#1061067).\n\n - ipv6: accept 64k - 1 packet length in\n ip6_find_1stfragopt() (bnc#1012382).\n\n - ipv6: add rcu grace period before freeing fib6_node\n (bnc#1012382).\n\n - ipv6: fix memory leak with multiple tables during netns\n destruction (bnc#1012382).\n\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n\n - kabi/severities: ignore nfs_pgio_data_destroy\n\n - keys: fix writing past end of user-supplied buffer in\n keyring_read() (bnc#1012382).\n\n - keys: prevent creating a different user's keyrings\n (bnc#1012382).\n\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n\n - kvm: async_pf: Fix #DF due to inject 'Page not Present'\n and 'Page Ready' exceptions simultaneously\n (bsc#1061017).\n\n - kvm: PPC: Book3S: Fix race and leak in\n kvm_vm_ioctl_create_spapr_tce() (bnc#1012382).\n\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte()\n (bsc#1061017).\n\n - kvm: VMX: remove WARN_ON_ONCE in\n kvm_vcpu_trigger_posted_interrupt (bsc#1061017).\n\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n\n - mac80211: flush hw_roc_start work before cancelling the\n ROC (bnc#1012382).\n\n - md/bitmap: disable bitmap_resize for file-backed bitmaps\n (bsc#1061172).\n\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in\n break_stripe_batch_list (bnc#1012382).\n\n - md/raid5: release/flush io in raid5_do_work()\n (bnc#1012382).\n\n - media: uvcvideo: Prevent heap overflow when accessing\n mapped controls (bnc#1012382).\n\n - media: v4l2-compat-ioctl32: Fix timespec conversion\n (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both\n infinite inputs (bnc#1012382).\n\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input\n values with opposite signs (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of\n both inputs zero (bnc#1012382).\n\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN\n propagation (bnc#1012382).\n\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both\n inputs negative (bnc#1012382).\n\n - mips: math-emu: MINA.<D|S>: Fix some cases of infinity\n and zero inputs (bnc#1012382).\n\n - mm: prevent double decrease of nr_reserved_highatomic\n (bnc#1012382).\n\n - nfsd: Fix general protection fault in\n release_lock_stateid() (bnc#1012382).\n\n - pci: Allow PCI express root ports to find themselves\n (bsc#1061046).\n\n - pci: fix oops when try to find Root Port for a PCI\n device (bsc#1061046).\n\n - pci: Fix race condition with driver_override\n (bnc#1012382).\n\n - pci: shpchp: Enable bridge bus mastering if MSI is\n enabled (bnc#1012382).\n\n - perf/x86: Fix RDPMC vs. mm_struct tracking\n (bsc#1061831).\n\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs.\n mm_struct tracking' (bsc#1061831).\n\n - powerpc: Fix DAR reporting when alignment handler faults\n (bnc#1012382).\n\n - powerpc/pseries: Fix parent_dn reference leak in\n add_dt_node() (bnc#1012382).\n\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n\n - Revert 'net: fix percpu memory leaks' (bnc#1012382).\n\n - Revert 'net: phy: Correctly process PHY_HALTED in\n phy_stop_machine()' (bnc#1012382).\n\n - Revert 'net: use lib/percpu_counter API for\n fragmentation mem accounting' (bnc#1012382).\n\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure\n (bsc#1059465).\n\n - scsi: megaraid_sas: Check valid aen class range to avoid\n kernel panic (bnc#1012382).\n\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead\n (bnc#1012382).\n\n - scsi: sg: factor out sg_fill_request_table()\n (bnc#1012382).\n\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE\n (bnc#1012382).\n\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n\n - scsi: sg: use standard lists for sg_requests\n (bnc#1012382).\n\n - scsi: storvsc: fix memory leak on ring buffer busy\n (bnc#1012382).\n\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp\n ingress path (bnc#1012382).\n\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN\n response trace records (bnc#1012382).\n\n - scsi: zfcp: fix missing trace records for early returns\n in TMF eh handlers (bnc#1012382).\n\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to\n correlate with HBA (bnc#1012382).\n\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI\n trace records (bnc#1012382).\n\n - scsi: zfcp: fix queuecommand for scsi_eh commands when\n DIX enabled (bnc#1012382).\n\n - scsi: zfcp: trace HBA FSF response by default on dismiss\n or timedout late response (bnc#1012382).\n\n - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN\n (bnc#1012382).\n\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n\n - skd: Avoid that module unloading triggers a\n use-after-free (bnc#1012382).\n\n - skd: Submit requests to firmware before triggering the\n doorbell (bnc#1012382).\n\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags\n (bnc#1012382).\n\n - smb: Validate negotiate (to protect against downgrade)\n even if signing off (bnc#1012382).\n\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback\n (bnc#1012382).\n\n - timer/sysclt: Restrict timer migration sysctl values to\n 0 and 1 (bnc#1012382).\n\n - tracing: Apply trace_clock changes to instance max\n buffer (bnc#1012382).\n\n - tracing: Erase irqsoff trace with empty write\n (bnc#1012382).\n\n - tracing: Fix trace_pipe behavior for instance traces\n (bnc#1012382).\n\n - tty: fix __tty_insert_flip_char regression\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() fast path\n (bnc#1012382).\n\n - tty: improve tty_insert_flip_char() slow path\n (bnc#1012382).\n\n - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA\n offsets (bnc#1012382).\n\n - video: fbdev: aty: do not leak uninitialized padding in\n clk to userspace (bnc#1012382).\n\n - Workaround for kABI compatibility with DP-MST patches\n (bsc#1055493).\n\n - x86/fpu: Do not let userspace set bogus xcomp_bv\n (bnc#1012382).\n\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in\n core dumps (bnc#1012382).\n\n - x86/ldt: Fix off by one in get_segment_base()\n (bsc#1061872).\n\n - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode\n usage (bsc#1055896).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.90-18.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.90-18.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.90-18.32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.90-18.32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:26", "description": "An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). (CVE-2017-1000364)\n\nThe offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIMIT_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365 . (CVE-2017-1000371)", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000370", "CVE-2017-1000371"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-845.NASL", "href": "https://www.tenable.com/plugins/nessus/100874", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-845.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100874);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000371\");\n script_xref(name:\"ALAS\", value:\"2017-845\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An issue was discovered in the size of the stack guard page on Linux,\nspecifically a 4k stack guard page is not sufficiently large and can\nbe jmp'ed over, this affects Linux Kernel versions 4.11.5 and earlier\n(the stackguard page was introduced in 2010). (CVE-2017-1000364)\n\nThe offset2lib patch as used by the Linux Kernel contains a\nvulnerability, if RLIMIT_STACK is set to RLIMIT_INFINITY and 1\nGigabyte of memory is allocated (the maximum under the 1/4\nrestriction) then the stack will be grown down to 0x80000000, and as\nthe PIE binary is mapped above 0x80000000 the minimum distance between\nthe end of the PIE binary's read-write segment and the start of the\nstack becomes small enough that the stack guard page can be jumped\nover by an attacker. This is a different issue than CVE-2017-1000370\nand CVE-2017-1000365 . (CVE-2017-1000371)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-845.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.27-14.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.27-14.33.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:26", "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9806).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3168-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3168-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96437", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3168-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96437);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n script_xref(name:\"USN\", value:\"3168-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3168-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Dmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function\nin the Linux kernel. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2016-9806).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3168-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3168-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-107-generic\", pkgver:\"3.13.0-107.154\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-107-generic-lpae\", pkgver:\"3.13.0-107.154\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-107-lowlatency\", pkgver:\"3.13.0-107.154\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.107.115\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.107.115\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.107.115\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:57", "description": "USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9806).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3168-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-3168-2.NASL", "href": "https://www.tenable.com/plugins/nessus/96438", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3168-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96438);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n script_xref(name:\"USN\", value:\"3168-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3168-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function\nin the Linux kernel. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2016-9806).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3168-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3168-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-107-generic\", pkgver:\"3.13.0-107.154~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-107-generic-lpae\", pkgver:\"3.13.0-107.154~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lpae-lts-trusty\", pkgver:\"3.13.0.107.98\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lts-trusty\", pkgver:\"3.13.0.107.98\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:49", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.\n\n - CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction. A process inside a guest can take advantage of this flaw for privilege escalation inside a guest.\n\n - CVE-2017-7558 (stretch only) Stefano Brivio of Red Hat discovered that the SCTP subsystem is prone to a data leak vulnerability due to an out-of-bounds read flaw, allowing to leak up to 100 uninitialized bytes to userspace.\n\n - CVE-2017-10661 (jessie only) Dmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. This allows a local attacker to cause a denial of service or potentially execute arbitrary code.\n\n - CVE-2017-11600 Bo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code.\n\n - CVE-2017-12134 / #866511 / XSA-229 Jan H. Schoenherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.:echo 2 > /sys/block/nvme0n1/queue/nomerges\n\n - CVE-2017-12146 (stretch only) Adrian Salido of Google reported a race condition in access to the'driver_override' attribute for platform devices in sysfs. If unprivileged users are permitted to access this attribute, this might allow them to gain privileges.\n\n - CVE-2017-12153 Bo Zhang reported that the cfg80211 (wifi) subsystem does not properly validate the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability (in any user namespace with a wifi device) can use this to cause a denial of service.\n\n - CVE-2017-12154 Jim Mattson of Google reported that the KVM implementation for Intel x86 processors did not correctly handle certain nested hypervisor configurations. A malicious guest (or nested guest in a suitable L1 hypervisor) could use this for denial of service.\n\n - CVE-2017-14106 Andrey Konovalov discovered that a user-triggerable division by zero in the tcp_disconnect() function could result in local denial of service.\n\n - CVE-2017-14140 Otto Ebeling reported that the move_pages() system call performed insufficient validation of the UIDs of the calling and target processes, resulting in a partial ASLR bypass. This made it easier for local users to exploit vulnerabilities in programs installed with the set-UID permission bit set.\n\n - CVE-2017-14156 'sohu0106' reported an information leak in the atyfb video driver. A local user with access to a framebuffer device handled by this driver could use this to obtain sensitive information.\n\n - CVE-2017-14340 Richard Wareing discovered that the XFS implementation allows the creation of files with the 'realtime' flag on a filesystem with no realtime device, which can result in a crash (oops). A local user with access to an XFS filesystem that does not have a realtime device can use this for denial of service.\n\n - CVE-2017-14489 ChunYu Wang of Red Hat discovered that the iSCSI subsystem does not properly validate the length of a netlink message, leading to memory corruption. A local user with permission to manage iSCSI devices can use this for denial of service or possibly to execute arbitrary code.\n\n - CVE-2017-14497 (stretch only) Benjamin Poirier of SUSE reported that vnet headers are not properly handled within the tpacket_rcv() function in the raw packet (af_packet) feature. A local user with the CAP_NET_RAW capability can take advantage of this flaw to cause a denial of service (buffer overflow, and disk and memory corruption) or have other impact.\n\n - CVE-2017-1000111 Andrey Konovalov of Google reported a race condition in the raw packet (af_packet) feature. Local users with the CAP_NET_RAW capability can use this for denial of service or possibly to execute arbitrary code.\n\n - CVE-2017-1000112 Andrey Konovalov of Google reported a race condition flaw in the UDP Fragmentation Offload (UFO) code. A local user can use this flaw for denial of service or possibly to execute arbitrary code.\n\n - CVE-2017-1000251 / #875881 Armis Labs discovered that the Bluetooth subsystem does not properly validate L2CAP configuration responses, leading to a stack-based buffer overflow. This is one of several vulnerabilities dubbed 'Blueborne'. A nearby attacker can use this to cause a denial of service or possibly to execute arbitrary code on a system with Bluetooth enabled.\n\n - CVE-2017-1000252 (stretch only) Jan H. Schoenherr of Amazon reported that the KVM implementation for Intel x86 processors did not correctly validate interrupt injection requests. A local user with permission to use KVM could use this for denial of service.\n\n - CVE-2017-1000370 The Qualys Research Labs reported that a large argument or environment list can result in ASLR bypass for 32-bit PIE binaries.\n\n - CVE-2017-1000371 The Qualys Research Labs reported that a large argument or environment list can result in a stack/heap clash for 32-bit PIE binaries.\n\n - CVE-2017-1000380 Alexander Potapenko of Google reported a race condition in the ALSA (sound) timer driver, leading to an information leak. A local user with permission to access sound devices could use this to obtain sensitive information.\n\nDebian disables unprivileged user namespaces by default, but if they are enabled (via the kernel.unprivileged_userns_clone sysctl) then CVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited by any local user.", "cvss3": {}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000252", "CVE-2017-1000370", "CVE-2017-1000371", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11600", "CVE-2017-12134", "CVE-2017-12146", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14497", "CVE-2017-7518", "CVE-2017-7558"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3981.NASL", "href": "https://www.tenable.com/plugins/nessus/103365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3981. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103365);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000252\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11600\", \"CVE-2017-12134\", \"CVE-2017-12146\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14497\", \"CVE-2017-7518\", \"CVE-2017-7558\");\n script_xref(name:\"DSA\", value:\"3981\");\n\n script_name(english:\"Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.\n\n - CVE-2017-7518\n Andy Lutomirski discovered that KVM is prone to an\n incorrect debug exception (#DB) error occurring while\n emulating a syscall instruction. A process inside a\n guest can take advantage of this flaw for privilege\n escalation inside a guest.\n\n - CVE-2017-7558 (stretch only)\n Stefano Brivio of Red Hat discovered that the SCTP\n subsystem is prone to a data leak vulnerability due to\n an out-of-bounds read flaw, allowing to leak up to 100\n uninitialized bytes to userspace.\n\n - CVE-2017-10661 (jessie only)\n Dmitry Vyukov of Google reported that the timerfd\n facility does not properly handle certain concurrent\n operations on a single file descriptor. This allows a\n local attacker to cause a denial of service or\n potentially execute arbitrary code.\n\n - CVE-2017-11600\n Bo Zhang reported that the xfrm subsystem does not\n properly validate one of the parameters to a netlink\n message. Local users with the CAP_NET_ADMIN capability\n can use this to cause a denial of service or potentially\n to execute arbitrary code.\n\n - CVE-2017-12134 / #866511 / XSA-229\n Jan H. Schoenherr of Amazon discovered that when Linux\n is running in a Xen PV domain on an x86 system, it may\n incorrectly merge block I/O requests. A buggy or\n malicious guest may trigger this bug in dom0 or a PV\n driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:echo 2 >\n /sys/block/nvme0n1/queue/nomerges\n\n - CVE-2017-12146 (stretch only)\n Adrian Salido of Google reported a race condition in\n access to the'driver_override' attribute for platform\n devices in sysfs. If unprivileged users are permitted to\n access this attribute, this might allow them to gain\n privileges.\n\n - CVE-2017-12153\n Bo Zhang reported that the cfg80211 (wifi) subsystem\n does not properly validate the parameters to a netlink\n message. Local users with the CAP_NET_ADMIN capability\n (in any user namespace with a wifi device) can use this\n to cause a denial of service.\n\n - CVE-2017-12154\n Jim Mattson of Google reported that the KVM\n implementation for Intel x86 processors did not\n correctly handle certain nested hypervisor\n configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of\n service.\n\n - CVE-2017-14106\n Andrey Konovalov discovered that a user-triggerable\n division by zero in the tcp_disconnect() function could\n result in local denial of service.\n\n - CVE-2017-14140\n Otto Ebeling reported that the move_pages() system call\n performed insufficient validation of the UIDs of the\n calling and target processes, resulting in a partial\n ASLR bypass. This made it easier for local users to\n exploit vulnerabilities in programs installed with the\n set-UID permission bit set.\n\n - CVE-2017-14156\n 'sohu0106' reported an information leak in the atyfb\n video driver. A local user with access to a framebuffer\n device handled by this driver could use this to obtain\n sensitive information.\n\n - CVE-2017-14340\n Richard Wareing discovered that the XFS implementation\n allows the creation of files with the 'realtime' flag on\n a filesystem with no realtime device, which can result\n in a crash (oops). A local user with access to an XFS\n filesystem that does not have a realtime device can use\n this for denial of service.\n\n - CVE-2017-14489\n ChunYu Wang of Red Hat discovered that the iSCSI\n subsystem does not properly validate the length of a\n netlink message, leading to memory corruption. A local\n user with permission to manage iSCSI devices can use\n this for denial of service or possibly to execute\n arbitrary code.\n\n - CVE-2017-14497 (stretch only)\n Benjamin Poirier of SUSE reported that vnet headers are\n not properly handled within the tpacket_rcv() function\n in the raw packet (af_packet) feature. A local user with\n the CAP_NET_RAW capability can take advantage of this\n flaw to cause a denial of service (buffer overflow, and\n disk and memory corruption) or have other impact.\n\n - CVE-2017-1000111\n Andrey Konovalov of Google reported a race condition in\n the raw packet (af_packet) feature. Local users with the\n CAP_NET_RAW capability can use this for denial of\n service or possibly to execute arbitrary code.\n\n - CVE-2017-1000112\n Andrey Konovalov of Google reported a race condition\n flaw in the UDP Fragmentation Offload (UFO) code. A\n local user can use this flaw for denial of service or\n possibly to execute arbitrary code.\n\n - CVE-2017-1000251 / #875881\n Armis Labs discovered that the Bluetooth subsystem does\n not properly validate L2CAP configuration responses,\n leading to a stack-based buffer overflow. This is one of\n several vulnerabilities dubbed 'Blueborne'. A nearby\n attacker can use this to cause a denial of service or\n possibly to execute arbitrary code on a system with\n Bluetooth enabled.\n\n - CVE-2017-1000252 (stretch only)\n Jan H. Schoenherr of Amazon reported that the KVM\n implementation for Intel x86 processors did not\n correctly validate interrupt injection requests. A local\n user with permission to use KVM could use this for\n denial of service.\n\n - CVE-2017-1000370\n The Qualys Research Labs reported that a large argument\n or environment list can result in ASLR bypass for 32-bit\n PIE binaries.\n\n - CVE-2017-1000371\n The Qualys Research Labs reported that a large argument\n or environment list can result in a stack/heap clash for\n 32-bit PIE binaries.\n\n - CVE-2017-1000380\n Alexander Potapenko of Google reported a race condition\n in the ALSA (sound) timer driver, leading to an\n information leak. A local user with permission to access\n sound devices could use this to obtain sensitive\n information.\n\nDebian disables unprivileged user namespaces by default, but if they\nare enabled (via the kernel.unprivileged_userns_clone sysctl) then\nCVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited\nby any local user.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3981\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 3.16.43-2+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.30-2+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.30-2+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.30-2+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:36:25", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2017-7482\n\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\nAn integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\nTommi Rantala and Brad Spengler reported that the mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, allowing a local attacker with access to /dev/mem to obtain sensitive information or potentially execute arbitrary code.\n\nCVE-2017-10661\n\nDmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. This allows a local attacker to cause a denial of service or potentially to execute arbitrary code.\n\nCVE-2017-10911 / XSA-216\n\nAnthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\nIt was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a userspace close of a Netlink socket to cause a denial of service or potentially cause other impact.\n\nCVE-2017-11600\n\nbo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\nJan H. Schönherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code.\n\nThis issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.: echo 2 > /sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12153\n\nbo Zhang reported that the cfg80211 (wifi) subsystem does not properly validate the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability on a system with a wifi device can use this to cause a denial of service.\n\nCVE-2017-12154\n\nJim Mattson of Google reported that the KVM implementation for Intel x86 processors did not correctly handle certain nested hypervisor configurations. A malicious guest (or nested guest in a suitable L1 hypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\nAndrey Konovalov of Google reported that a specific sequence of operations on a TCP socket could lead to division by zero. A local user could use this for denial of service.\n\nCVE-2017-14140\n\nOtto Ebeling reported that the move_pages() system call permitted users to discover the memory layout of a set-UID process running under their real user-ID. This made it easier for local users to exploit vulnerabilities in programs installed with the set-UID permission bit set.\n\nCVE-2017-14156\n\n'sohu0106' reported an information leak in the atyfb video driver. A local user with access to a framebuffer device handled by this driver could use this to obtain sensitive information.\n\nCVE-2017-14340\n\nRichard Wareing discovered that the XFS implementation allows the creation of files with the 'realtime' flag on a filesystem with no realtime device, which can result in a crash (oops). A local user with access to an XFS filesystem that does not have a realtime device can use this for denial of service.\n\nCVE-2017-14489\n\nChunYu of Red Hat discovered that the iSCSI subsystem does not properly validate the length of a netlink message, leading to memory corruption. A local user with permission to manage iSCSI devices can use this for denial of service or possibly to execute arbitrary code.\n\nCVE-2017-1000111\n\nAndrey Konovalov of Google reported that a race condition in the raw packet (af_packet) feature. Local users with the CAP_NET_RAW capability can use this to cause a denial of service or possibly to execute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\nArmis Labs discovered that the Bluetooth subsystem does not properly validate L2CAP configuration responses, leading to a stack buffer overflow. This is one of several vulnerabilities dubbed 'Blueborne'. A nearby attacker can use this to cause a denial of service or possibly to execute arbitrary code on a system with Bluetooth enabled.\n\nCVE-2017-1000363\n\nRoee Hay reported that the lp driver does not properly bounds-check passed arguments. This has no security impact in Debian.\n\nCVE-2017-1000365\n\nIt was discovered that argument and environment pointers are not properly taken into account by the size restrictions on arguments and environmental strings passed through execve(). A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.\n\nCVE-2017-1000380\n\nAlexander Potapenko of Google reported a race condition in the ALSA (sound) timer driver, leading to an information leak. A local user with permission to access sound devices could use this to obtain sensitive information.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.2.93-1. This version also includes bug fixes from upstream versions up to and including 3.2.93.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 'Stretch', these problems have been fixed in version 4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-11600", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-7482", "CVE-2017-7542", "CVE-2017-7889"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1099.NASL", "href": "https://www.tenable.com/plugins/nessus/103363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1099-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103363);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-11600\", \"CVE-2017-12134\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-7482\", \"CVE-2017-7542\", \"CVE-2017-7889\");\n\n script_name(english:\"Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does not\nproperly verify metadata, leading to information disclosure, denial of\nservice or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\n\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain sensitive\ninformation or potentially execute arbitrary code.\n\nCVE-2017-10661\n\nDmitry Vyukov of Google reported that the timerfd facility does not\nproperly handle certain concurrent operations on a single file\ndescriptor. This allows a local attacker to cause a denial of service\nor potentially to execute arbitrary code.\n\nCVE-2017-10911 / XSA-216\n\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\nIt was discovered that the mq_notify() function does not set the sock\npointer to NULL upon entry into the retry logic. An attacker can take\nadvantage of this flaw during a userspace close of a Netlink socket to\ncause a denial of service or potentially cause other impact.\n\nCVE-2017-11600\n\nbo Zhang reported that the xfrm subsystem does not properly validate\none of the parameters to a netlink message. Local users with the\nCAP_NET_ADMIN capability can use this to cause a denial of service or\npotentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\nJan H. Schönherr of Amazon discovered that when Linux is running\nin a Xen PV domain on an x86 system, it may incorrectly merge block\nI/O requests. A buggy or malicious guest may trigger this bug in dom0\nor a PV driver domain, causing a denial of service or potentially\nexecution of arbitrary code.\n\nThis issue can be mitigated by disabling merges on the\nunderlying back-end block devices, e.g.: echo 2 >\n/sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12153\n\nbo Zhang reported that the cfg80211 (wifi) subsystem does not properly\nvalidate the parameters to a netlink message. Local users with the\nCAP_NET_ADMIN capability on a system with a wifi device can use this\nto cause a denial of service.\n\nCVE-2017-12154\n\nJim Mattson of Google reported that the KVM implementation for Intel\nx86 processors did not correctly handle certain nested hypervisor\nconfigurations. A malicious guest (or nested guest in a suitable L1\nhypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\nAndrey Konovalov of Google reported that a specific sequence of\noperations on a TCP socket could lead to division by zero. A local\nuser could use this for denial of service.\n\nCVE-2017-14140\n\nOtto Ebeling reported that the move_pages() system call permitted\nusers to discover the memory layout of a set-UID process running under\ntheir real user-ID. This made it easier for local users to exploit\nvulnerabilities in programs installed with the set-UID permission bit\nset.\n\nCVE-2017-14156\n\n'sohu0106' reported an information leak in the atyfb video driver. A\nlocal user with access to a framebuffer device handled by this driver\ncould use this to obtain sensitive information.\n\nCVE-2017-14340\n\nRichard Wareing discovered that the XFS implementation allows the\ncreation of files with the 'realtime' flag on a filesystem with no\nrealtime device, which can result in a crash (oops). A local user with\naccess to an XFS filesystem that does not have a realtime device can\nuse this for denial of service.\n\nCVE-2017-14489\n\nChunYu of Red Hat discovered that the iSCSI subsystem does not\nproperly validate the length of a netlink message, leading to memory\ncorruption. A local user with permission to manage iSCSI devices can\nuse this for denial of service or possibly to execute arbitrary code.\n\nCVE-2017-1000111\n\nAndrey Konovalov of Google reported that a race condition in the raw\npacket (af_packet) feature. Local users with the CAP_NET_RAW\ncapability can use this to cause a denial of service or possibly to\nexecute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\nArmis Labs discovered that the Bluetooth subsystem does not properly\nvalidate L2CAP configuration responses, leading to a stack buffer\noverflow. This is one of several vulnerabilities dubbed 'Blueborne'. A\nnearby attacker can use this to cause a denial of service or possibly\nto execute arbitrary code on a system with Bluetooth enabled.\n\nCVE-2017-1000363\n\nRoee Hay reported that the lp driver does not properly bounds-check\npassed arguments. This has no security impact in Debian.\n\nCVE-2017-1000365\n\nIt was discovered that argument and environment pointers are not\nproperly taken into account by the size restrictions on arguments and\nenvironmental strings passed through execve(). A local attacker can\ntake advantage of this flaw in conjunction with other flaws to execute\narbitrary code.\n\nCVE-2017-1000380\n\nAlexander Potapenko of Google reported a race condition in the ALSA\n(sound) timer driver, leading to an information leak. A local user\nwith permission to access sound devices could use this to obtain\nsensitive information.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.93-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 'Stretch', these problems have been fixed in version\n4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.93-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:32", "description": "According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.\n\n - Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n\n - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n\n - Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n - The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use after free) which may lead to memory corruption or other unspecified other impact.\n\n - The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-05T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-14106", "CVE-2017-7541", "CVE-2017-7542"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2017-076.NASL", "href": "https://www.tenable.com/plugins/nessus/102922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102922);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\",\n \"CVE-2017-10661\",\n \"CVE-2017-11176\",\n \"CVE-2017-14106\",\n \"CVE-2017-7541\",\n \"CVE-2017-7542\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-076)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - An integer overflow vulnerability in\n ip6_find_1stfragopt() function was found. A local\n attacker that has privileges (of CAP_NET_RAW) to open\n raw socket can cause an infinite loop inside the\n ip6_find_1stfragopt() function.\n\n - Race condition in fs/timerfd.c in the Linux kernel\n before 4.10.15 allows local users to gain privileges or\n cause a denial of service (list corruption or\n use-after-free) via simultaneous file-descriptor\n operations that leverage improper might_cancel\n queueing.\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n could use this flaw to elevate their privileges on the\n system.\n\n - Andrey Konovalov discovered a race condition in the UDP\n Fragmentation Offload (UFO) code in the Linux kernel. A\n local attacker could use this to cause a denial of\n service or execute arbitrary code.\n\n - Kernel memory corruption due to a buffer overflow was\n found in brcmf_cfg80211_mgmt_tx() function in Linux\n kernels from v3.9-rc1 to v4.13-rc1. The vulnerability\n can be triggered by sending a crafted NL80211_CMD_FRAME\n packet via netlink. This flaw is unlikely to be\n triggered remotely as certain userspace code is needed\n for this. An unprivileged local user could use this\n flaw to induce kernel memory corruption on the system,\n leading to a crash. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.\n\n - The mq_notify function in the Linux kernel through\n 4.11.9 does not set the sock pointer to NULL upon entry\n into the retry logic. During a user-space close of a\n Netlink socket, it allows attackers to possibly cause a\n situation where a value may be used after being freed\n (use after free) which may lead to memory corruption or\n other unspecified other impact.\n\n - The tcp_disconnect function in net/ipv4/tcp.c in the\n Linux kernel before 4.12 allows local users to cause a\n denial of service (__tcp_select_window divide-by-zero\n error and system crash) by triggering a disconnect\n within a certain tcp_recvmsg code path.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2869792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHBA-2017-2504.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0892.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-1372.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-1486.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-1723.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3683\",\n \"vzkernel-2.6.32-042stab124.2\",\n \"vzkernel-devel-2.6.32-042stab124.2\",\n \"vzkernel-firmware-2.6.32-042stab124.2\",\n \"vzmodules-2.6.32-042stab124.2\",\n \"vzmodules-devel-2.6.32-042stab124.2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:54", "description": "Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3169-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9793", "CVE-2016-9794"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3169-3.NASL", "href": "https://www.tenable.com/plugins/nessus/96441", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3169-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96441);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9793\", \"CVE-2016-9794\");\n script_xref(name:\"USN\", value:\"3169-3\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3169-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Baozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3169-3/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9793\", \"CVE-2016-9794\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3169-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1040-raspi2\", pkgver:\"4.4.0-1040.47\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1040.39\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:38", "description": "Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3169-4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9793", "CVE-2016-9794"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3169-4.NASL", "href": "https://www.tenable.com/plugins/nessus/96442", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3169-4. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96442);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9793\", \"CVE-2016-9794\");\n script_xref(name:\"USN\", value:\"3169-4\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3169-4)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Baozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3169-4/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-snapdragon and / or\nlinux-image-snapdragon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9793\", \"CVE-2016-9794\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3169-4\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1044-snapdragon\", pkgver:\"4.4.0-1044.48\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1044.36\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-snapdragon / linux-image-snapdragon\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:19", "description": "New kernel packages are available for Slackware 14.1 to fix security issues.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Slackware 14.1 : Slackware 14.1 kernel (SSA:2017-180-01) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-1000365"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2017-180-01.NASL", "href": "https://www.tenable.com/plugins/nessus/101115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-180-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101115);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000365\");\n script_xref(name:\"SSA\", value:\"2017-180-01\");\n\n script_name(english:\"Slackware 14.1 : Slackware 14.1 kernel (SSA:2017-180-01) (Stack Clash)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kernel packages are available for Slackware 14.1 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.696048\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bac2e0dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"kernel-generic\", pkgver:\"3.10.107\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"kernel-generic-smp\", pkgver:\"3.10.107_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"kernel-headers\", pkgver:\"3.10.107_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"kernel-huge\", pkgver:\"3.10.107\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"kernel-huge-smp\", pkgver:\"3.10.107_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"kernel-modules\", pkgver:\"3.10.107\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"kernel-modules-smp\", pkgver:\"3.10.107_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"kernel-source\", pkgver:\"3.10.107_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"3.10.107\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"3.10.107\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"3.10.107\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"3.10.107\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"3.10.107\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:49", "description": "New kernel packages are available for Slackware 14.2 and -current to fix security issues.", "cvss3": {}, "published": "2017-06-27T00:00:00", "type": "nessus", "title": "Slackware 14.2 / current : kernel (SSA:2017-177-01) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-1000365"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-firmware", "p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-177-01.NASL", "href": "https://www.tenable.com/plugins/nessus/101051", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-177-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101051);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000365\");\n script_xref(name:\"SSA\", value:\"2017-177-01\");\n\n script_name(english:\"Slackware 14.2 / current : kernel (SSA:2017-177-01) (Stack Clash)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kernel packages are available for Slackware 14.2 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.943584\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd4a4e0b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-firmware\", pkgver:\"20170626git\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.74\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.74_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.74_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.74\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.74_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.74\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.74_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.74_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-firmware\", pkgver:\"20170626git\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.74\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.74\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.74\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.74\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.74\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"kernel-firmware\", pkgver:\"20170626git\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kernel-generic\", pkgver:\"4.9.34\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kernel-generic-smp\", pkgver:\"4.9.34_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kernel-headers\", pkgver:\"4.9.34_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kernel-huge\", pkgver:\"4.9.34\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kernel-huge-smp\", pkgver:\"4.9.34_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kernel-modules\", pkgver:\"4.9.34\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kernel-modules-smp\", pkgver:\"4.9.34_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"kernel-source\", pkgver:\"4.9.34_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"kernel-firmware\", pkgver:\"20170626git\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.9.34\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.9.34\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.9.34\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.9.34\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.9.34\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:30", "description": "The 4.11.6 update contains a number of important fixes across the tree, including the recently announced 'stack clash'\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-28T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2017-05f10e29f4) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000370", "CVE-2017-1000371", "CVE-2017-1000379"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-05F10E29F4.NASL", "href": "https://www.tenable.com/plugins/nessus/101068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-05f10e29f4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101068);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000379\");\n script_xref(name:\"FEDORA\", value:\"2017-05f10e29f4\");\n\n script_name(english:\"Fedora 24 : kernel (2017-05f10e29f4) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.11.6 update contains a number of important fixes across the\ntree, including the recently announced 'stack clash'\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-05f10e29f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000379\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-05f10e29f4\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.11.6-101.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:47", "description": "The 4.11.6 update contains a number of important fixes across the tree, including the recently announced 'stack clash'\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-26T00:00:00", "type": "nessus", "title": "Fedora 25 : kernel (2017-d7bc1b3056) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000370", "CVE-2017-1000371", "CVE-2017-1000379"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-D7BC1B3056.NASL", "href": "https://www.tenable.com/plugins/nessus/101037", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-d7bc1b3056.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101037);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000379\");\n script_xref(name:\"FEDORA\", value:\"2017-d7bc1b3056\");\n\n script_name(english:\"Fedora 25 : kernel (2017-d7bc1b3056) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.11.6 update contains a number of important fixes across the\ntree, including the recently announced 'stack clash'\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d7bc1b3056\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000379\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-d7bc1b3056\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.11.6-201.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:56", "description": "The 4.11.6 update contains a number of important fixes across the tree, including the recently announced 'stack clash'\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2017-d3ed702fe4) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000370", "CVE-2017-1000371", "CVE-2017-1000379"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-D3ED702FE4.NASL", "href": "https://www.tenable.com/plugins/nessus/101723", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-d3ed702fe4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101723);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000379\");\n script_xref(name:\"FEDORA\", value:\"2017-d3ed702fe4\");\n\n script_name(english:\"Fedora 26 : kernel (2017-d3ed702fe4) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.11.6 update contains a number of important fixes across the\ntree, including the recently announced 'stack clash'\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3ed702fe4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000371\", \"CVE-2017-1000379\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-d3ed702fe4\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.11.6-301.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:37:19", "description": "USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3468-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000252", "CVE-2017-10663", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-14340"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3468-2.NASL", "href": "https://www.tenable.com/plugins/nessus/104318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3468-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104318);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_xref(name:\"USN\", value:\"3468-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3468-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not\nproperly bound guest IRQs. A local attacker in a guest VM could use\nthis to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs)\nimplementation in the Linux kernel did not properly validate\nsuperblock metadata. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the\nPOSIX message queue implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3468-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3468-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-38-generic\", pkgver:\"4.10.0-38.42~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-38-generic-lpae\", pkgver:\"4.10.0-38.42~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-38-lowlatency\", pkgver:\"4.10.0-38.42~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.10.0.38.40\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.10.0.38.40\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.10.0.38.40\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:37:19", "description": "It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3468-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000252", "CVE-2017-10663", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-14340"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3468-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3468-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104317);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_xref(name:\"USN\", value:\"3468-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3468-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the KVM subsystem in the Linux kernel did not\nproperly bound guest IRQs. A local attacker in a guest VM could use\nthis to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs)\nimplementation in the Linux kernel did not properly validate\nsuperblock metadata. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the\nPOSIX message queue implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3468-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3468-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1020-raspi2\", pkgver:\"4.10.0-1020.23\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-38-generic\", pkgver:\"4.10.0-38.42\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-38-generic-lpae\", pkgver:\"4.10.0-38.42\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-38-lowlatency\", pkgver:\"4.10.0-38.42\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.38.38\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.38.38\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.38.38\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1020.21\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:37:06", "description": "It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-gcp vulnerabilities (USN-3468-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000252", "CVE-2017-10663", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-14340"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3468-3.NASL", "href": "https://www.tenable.com/plugins/nessus/104319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3468-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104319);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_xref(name:\"USN\", value:\"3468-3\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-gcp vulnerabilities (USN-3468-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the KVM subsystem in the Linux kernel did not\nproperly bound guest IRQs. A local attacker in a guest VM could use\nthis to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs)\nimplementation in the Linux kernel did not properly validate\nsuperblock metadata. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the\nPOSIX message queue implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3468-3/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.10-gcp and / or linux-image-gcp\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3468-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-1008-gcp\", pkgver:\"4.10.0-1008.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.10.0.1008.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-gcp / linux-image-gcp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:18:32", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n\n - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-073)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-073.NASL", "href": "https://www.tenable.com/plugins/nessus/102593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102593);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-073)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n could use this flaw to elevate their privileges on the\n system.\n\n - Andrey Konovalov discovered a race condition in the UDP\n Fragmentation Offload (UFO) code in the Linux kernel. A\n local attacker could use this to cause a denial of\n service or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2860787\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-29.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2bd516c2\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.26.1.vz7.33.22\",\n \"patch\",\"readykernel-patch-33.22-29.1-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:22", "description": "Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3385-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3385-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102420", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3385-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102420);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n script_xref(name:\"USN\", value:\"3385-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3385-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Andrey Konovalov discovered a race condition in the UDP Fragmentation\nOffload (UFO) code in the Linux kernel. A local attacker could use\nthis to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket\noption handling code in the Linux kernel. A local unprivileged\nattacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3385-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3385-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1026-gke\", pkgver:\"4.4.0-1026.26\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1030-aws\", pkgver:\"4.4.0-1030.39\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1069-raspi2\", pkgver:\"4.4.0-1069.77\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1071-snapdragon\", pkgver:\"4.4.0-1071.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-91-generic\", pkgver:\"4.4.0-91.114\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-91-generic-lpae\", pkgver:\"4.4.0-91.114\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-91-lowlatency\", pkgver:\"4.4.0-91.114\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1030.32\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.91.96\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.91.96\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.4.0.1026.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.91.96\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1069.69\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1071.63\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:21", "description": "USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nAndrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3385-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3385-2.NASL", "href": "https://www.tenable.com/plugins/nessus/102421", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3385-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102421);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n script_xref(name:\"USN\", value:\"3385-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3385-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nAndrey Konovalov discovered a race condition in the UDP Fragmentation\nOffload (UFO) code in the Linux kernel. A local attacker could use\nthis to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket\noption handling code in the Linux kernel. A local unprivileged\nattacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3385-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3385-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-91-generic\", pkgver:\"4.4.0-91.114~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-91-generic-lpae\", pkgver:\"4.4.0-91.114~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-91-lowlatency\", pkgver:\"4.4.0-91.114~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.91.75\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.91.75\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.91.75\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:48", "description": "Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3384-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3384-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3384-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102418);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n script_xref(name:\"USN\", value:\"3384-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3384-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Andrey Konovalov discovered a race condition in the UDP Fragmentation\nOffload (UFO) code in the Linux kernel. A local attacker could use\nthis to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket\noption handling code in the Linux kernel. A local unprivileged\nattacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3384-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3384-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1015-raspi2\", pkgver:\"4.10.0-1015.18\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-32-generic\", pkgver:\"4.10.0-32.36\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-32-generic-lpae\", pkgver:\"4.10.0-32.36\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-32-lowlatency\", pkgver:\"4.10.0-32.36\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.32.32\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.32.32\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.32.32\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1015.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:22", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to the following security updates :\n\n - CVE-2017-1000111: fix race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).\n\n - CVE-2017-1000112: fix race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2142-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_86-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_86-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2142-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2142-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102475);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2142-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to the\nfollowing security updates :\n\n - CVE-2017-1000111: fix race condition in net-packet code\n that could be exploited to cause out-of-bounds memory\n access (bsc#1052365).\n\n - CVE-2017-1000112: fix race condition in net-packet code\n that could have been exploited by unprivileged users to\n gain root access. (bsc#1052311).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000112/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172142-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73414783\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-1327=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1327=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-1327=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_86-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_86-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_86-default-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_86-xen-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.86.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.86.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:48", "description": "USN-3384-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nAndrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3384-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3384-2.NASL", "href": "https://www.tenable.com/plugins/nessus/102419", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3384-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102419);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n script_xref(name:\"USN\", value:\"3384-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3384-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3384-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nAndrey Konovalov discovered a race condition in the UDP Fragmentation\nOffload (UFO) code in the Linux kernel. A local attacker could use\nthis to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket\noption handling code in the Linux kernel. A local unprivileged\nattacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3384-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3384-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-32-generic\", pkgver:\"4.10.0-32.36~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-32-generic-lpae\", pkgver:\"4.10.0-32.36~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-32-lowlatency\", pkgver:\"4.10.0-32.36~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.10.0.32.34\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.10.0.32.34\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.10.0.32.34\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:49", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-1000111: fix race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).\n\n - CVE-2017-1000112: fix race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2131-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2131-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102415", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2131-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102415);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2131-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-1000111: fix race condition in net-packet code\n that could be exploited to cause out-of-bounds memory\n access (bsc#1052365).\n\n - CVE-2017-1000112: fix race condition in net-packet code\n that could have been exploited by unprivileged users to\n gain root access. (bsc#1052311).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000112/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172131-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71e11132\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1319=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1319=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1319=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1319=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-1319=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-1319=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1319=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-1319=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1319=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.74-92.35.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.74-92.35.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:48", "description": "Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3386-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3386-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3386-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102422);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n script_xref(name:\"USN\", value:\"3386-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3386-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Andrey Konovalov discovered a race condition in the UDP Fragmentation\nOffload (UFO) code in the Linux kernel. A local attacker could use\nthis to cause a denial of service or execute arbitrary code.\n(CVE-2017-1000112)\n\nAndrey Konovalov discovered a race condition in AF_PACKET socket\noption handling code in the Linux kernel. A local unprivileged\nattacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-1000111).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3386-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3386-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-128-generic\", pkgver:\"3.13.0-128.177\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-128-generic-lpae\", pkgver:\"3.13.0-128.177\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-128-lowlatency\", pkgver:\"3.13.0-128.177\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.128.137\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.128.137\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.128.137\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:53", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n\n - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-072.NASL", "href": "https://www.tenable.com/plugins/nessus/102592", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102592);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-072)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n could use this flaw to elevate their privileges on the\n system.\n\n - Andrey Konovalov discovered a race condition in the UDP\n Fragmentation Offload (UFO) code in the Linux kernel. A\n local attacker could use this to cause a denial of\n service or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2860785\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-29.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f3a07813\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-29.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?13d1f21f\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-29.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.15\",\n \"patch\",\"readykernel-patch-30.15-29.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:18:32", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n\n - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-071)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-071.NASL", "href": "https://www.tenable.com/plugins/nessus/102591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102591);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-071)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n could use this flaw to elevate their privileges on the\n system.\n\n - Andrey Konovalov discovered a race condition in the UDP\n Fragmentation Offload (UFO) code in the Linux kernel. A\n local attacker could use this to cause a denial of\n service or execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2860784\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-29.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4df481da\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-29.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d315d201\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-29.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0541aa0f\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.18.2.vz7.15.2\",\n \"patch\",\"readykernel-patch-15.2-29.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.18.7\",\n \"patch\",\"readykernel-patch-18.7-29.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-29.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:29", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to the following security updates :\n\n - CVE-2017-1000111: fix race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).\n\n - CVE-2017-1000112: fix race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2150-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_54-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_54-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2150-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102478", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2150-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102478);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2150-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to the\nfollowing security updates :\n\n - CVE-2017-1000111: fix race condition in net-packet code\n that could be exploited to cause out-of-bounds memory\n access (bsc#1052365).\n\n - CVE-2017-1000112: fix race condition in net-packet code\n that could have been exploited by unprivileged users to\n gain root access. (bsc#1052311).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000112/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172150-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c0f9e64\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1328=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1328=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1328=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-1328=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_54-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_54-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_54-default-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_54-xen-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.74-60.64.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:36:52", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.(CVE-2017-11176)\n\n - The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/ cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.(CVE-2017-7541)\n\n - The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.(CVE-2017-7542)\n\n - Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.(CVE-2017-11473)\n\n - net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.(CVE-2017-11600)\n\n - It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.(CVE-2016-9604)\n\n - A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.(CVE-2017-12762)\n\n - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.(CVE-2017-1000365)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2017-1000365", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-11600", "CVE-2017-12762", "CVE-2017-7541", "CVE-2017-7542"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1159.NASL", "href": "https://www.tenable.com/plugins/nessus/102997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102997);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9604\",\n \"CVE-2017-1000365\",\n \"CVE-2017-11176\",\n \"CVE-2017-11473\",\n \"CVE-2017-11600\",\n \"CVE-2017-12762\",\n \"CVE-2017-7541\",\n \"CVE-2017-7542\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1159)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The mq_notify function in the Linux kernel through\n 4.11.9 does not set the sock pointer to NULL upon entry\n into the retry logic. During a user-space close of a\n Netlink socket, it allows attackers to cause a denial\n of service (use-after-free) or possibly have\n unspecified other impact.(CVE-2017-11176)\n\n - The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/\n cfg80211.c in the Linux kernel before 4.12.3 allows\n local users to cause a denial of service (buffer\n overflow and system crash) or possibly gain privileges\n via a crafted NL80211_CMD_FRAME Netlink\n packet.(CVE-2017-7541)\n\n - The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel through\n 4.12.3 allows local users to cause a denial of service\n (integer overflow and infinite loop) by leveraging the\n ability to open a raw socket.(CVE-2017-7542)\n\n - Buffer overflow in the mp_override_legacy_irq()\n function in arch/x86/kernel/acpi/boot.c in the Linux\n kernel through 4.12.2 allows local users to gain\n privileges via a crafted ACPI table.(CVE-2017-11473)\n\n - net/xfrm/xfrm_policy.c in the Linux kernel through\n 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not\n ensure that the dir value of xfrm_userpolicy_id is\n XFRM_POLICY_MAX or less, which allows local users to\n cause a denial of service (out-of-bounds access) or\n possibly have unspecified other impact via an\n XFRM_MSG_MIGRATE xfrm Netlink message.(CVE-2017-11600)\n\n - It was discovered that root can gain direct access to\n an internal keyring, such as '.dns_resolver' in RHEL-7\n or '.builtin_trusted_keys' upstream, by joining it as\n its session keyring. This allows root to bypass module\n signature verification by adding a new public key of\n its own devising to the keyring.(CVE-2016-9604)\n\n - A user-controlled buffer is copied into a local buffer\n of constant size using strcpy without a length check\n which can cause a buffer overflow. This affects the\n Linux kernel 4.9-stable tree, 4.12-stable tree,\n 3.18-stable tree, and 4.4-stable tree.(CVE-2017-12762)\n\n - The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does\n not take the argument and environment pointers into\n account, which allows attackers to bypass this\n limitation. This affects Linux Kernel versions 4.11.5\n and earlier. It appears that this feature was\n introduced in the Linux Kernel version\n 2.6.23.(CVE-2017-1000365)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1159\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dcc8f11e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.142\",\n \"kernel-debug-3.10.0-229.49.1.142\",\n \"kernel-debuginfo-3.10.0-229.49.1.142\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.142\",\n \"kernel-devel-3.10.0-229.49.1.142\",\n \"kernel-headers-3.10.0-229.49.1.142\",\n \"kernel-tools-3.10.0-229.49.1.142\",\n \"kernel-tools-libs-3.10.0-229.49.1.142\",\n \"perf-3.10.0-229.49.1.142\",\n \"python-perf-3.10.0-229.49.1.142\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:58", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).\n\n - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).\n\n - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).\n\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).\n\n - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 bnc#1050677).\n\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-30T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2286-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-10810", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-8831"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2286-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2286-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102838);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-10810\", \"CVE-2017-11473\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-8831\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2286-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-1000111: Fixed a race condition in net-packet\n code that could be exploited to cause out-of-bounds\n memory access (bsc#1052365).\n\n - CVE-2017-1000112: Fixed a race condition in net-packet\n code that could have been exploited by unprivileged\n users to gain root access. (bsc#1052311).\n\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds array access) or possibly have\n unspecified other impact by changing a certain\n sequence-number value, aka a 'double fetch'\n vulnerability (bnc#1037994).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local\n users to cause a denial of service (integer overflow and\n infinite loop) by leveraging the ability to open a raw\n socket (bnc#1049882).\n\n - CVE-2017-11473: Buffer overflow in the\n mp_override_legacy_irq() function in\n arch/x86/kernel/acpi/boot.c in the Linux kernel allowed\n local users to gain privileges via a crafted ACPI table\n (bnc#1049603).\n\n - CVE-2017-7533: Race condition in the fsnotify\n implementation in the Linux kernel allowed local users\n to gain privileges or cause a denial of service (memory\n corruption) via a crafted application that leverages\n simultaneous execution of the inotify_handle_event and\n vfs_rename functions (bnc#1049483 bnc#1050677).\n\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021\n 1.c in the Linux kernel allowed local users to cause a\n denial of service (buffer overflow and system crash) or\n possibly gain privileges via a crafted NL80211_CMD_FRAME\n Netlink packet (bnc#1049645).\n\n - CVE-2017-10810: Memory leak in the\n virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel allowed attackers to cause a denial of service\n (memory consumption) by triggering object-initialization\n failures (bnc#1047277).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7541/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8831/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172286-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?41510390\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-1404=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1404=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1404=1\n\nSUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP3-2017-1404=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2017-1404=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1404=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.82-6.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.82-6.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:19", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0001", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10088", "CVE-2016-9754", "CVE-2016-9793"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0001_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121664", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0001. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121664);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2016-9754\", \"CVE-2016-9793\", \"CVE-2016-10088\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0001\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-16.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9793\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.41-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-debuginfo-4.4.41-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:36:09", "description": "This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0267-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9576", "CVE-2016-9794", "CVE-2016-9806"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0267-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0267-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96761);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9576\", \"CVE-2016-9794\", \"CVE-2016-9806\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0267-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the\n snd_pcm_period_elapsed function in sound/core/pcm_lib.c\n in the ALSA subsystem in the Linux kernel allowed local\n users to cause a denial of service (use-after-free) or\n possibly have unspecified other impact via a crafted\n SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in\n block/blk-map.c in the Linux kernel did not properly\n restrict the type of iterator, which allowed local users\n to read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9794/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170267-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1ede93f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-142=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-142=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_60-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_60-default-2-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_60-xen-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:25", "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux vulnerabilities (USN-3169-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9794"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3169-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96439", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3169-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96439);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n script_xref(name:\"USN\", value:\"3169-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux vulnerabilities (USN-3169-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Dmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3169-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3169-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-59-generic\", pkgver:\"4.4.0-59.80\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-59-generic-lpae\", pkgver:\"4.4.0-59.80\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-59-lowlatency\", pkgver:\"4.4.0-59.80\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.59.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.59.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.59.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:54", "description": "USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3169-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9794"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3169-2.NASL", "href": "https://www.tenable.com/plugins/nessus/96440", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3169-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96440);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n script_xref(name:\"USN\", value:\"3169-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3169-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3169-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3169-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-59-generic\", pkgver:\"4.4.0-59.80~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-59-generic-lpae\", pkgver:\"4.4.0-59.80~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-59-lowlatency\", pkgver:\"4.4.0-59.80~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.59.46\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.59.46\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.59.46\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:37:36", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - mqueue: fix a use-after-free in sys_mq_notify (Cong Wang) [Orabug: 26643556] (CVE-2017-11176)\n\n - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] (CVE-2017-7542)\n\n - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] (CVE-2017-1000111)\n\n - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934]\n\n - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934]", "cvss3": {}, "published": "2017-10-27T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-11176", "CVE-2017-7542"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0164.NASL", "href": "https://www.tenable.com/plugins/nessus/104203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0164.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104203);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-11176\", \"CVE-2017-7542\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0164)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - mqueue: fix a use-after-free in sys_mq_notify (Cong\n Wang) [Orabug: 26643556] (CVE-2017-11176)\n\n - ipv6: avoid overflow of offset in ip6_find_1stfragopt\n (Sabrina Dubroca) [Orabug: 27011273] (CVE-2017-7542)\n\n - packet: fix tp_reserve race in packet_set_ring (Willem\n de Bruijn) [Orabug: 27002450] (CVE-2017-1000111)\n\n - mlx4_core: calculate log_num_mtt based on total system\n memory (Wei Lin Guay) [Orabug: 26883934]\n\n - xen/x86: Add interface for querying amount of host\n memory (Boris Ostrovsky) [Orabug: 26883934]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-October/000794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab6a3e39\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.19.10.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.19.10.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:37", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.\n\n - A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely.\n\n - The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the 'CR8-load exiting' and 'CR8-store exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR shadow' vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-21T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000251", "CVE-2017-1000253", "CVE-2017-12154"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2017-086.NASL", "href": "https://www.tenable.com/plugins/nessus/104703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104703);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-1000251\",\n \"CVE-2017-1000253\",\n \"CVE-2017-12154\"\n );\n script_xref(name:\"IAVB\", value:\"2017-B-0135\");\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-086)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel loaded ELF\n executables. Provided that an application was built as\n Position Independent Executable (PIE), the loader could\n allow part of that application's data segment to map\n over the memory area reserved for its stack,\n potentially resulting in memory corruption. An\n unprivileged local user with access to SUID (or\n otherwise privileged) PIE binary could use this flaw to\n escalate their privileges on the system.\n\n - A stack buffer overflow flaw was found in the way the\n Bluetooth subsystem of the Linux kernel processed\n pending L2CAP configuration responses from a client. On\n systems with the stack protection feature enabled in\n the kernel an unauthenticated attacker able to initiate\n a connection to a system via Bluetooth could use this\n flaw to crash the system. Due to the nature of the\n stack protection feature, code execution cannot be\n fully ruled out, although we believe it is unlikely.\n\n - The prepare_vmcs02 function in arch/x86/kvm/vmx.c in\n the Linux kernel through 4.13.3 does not ensure that\n the 'CR8-load exiting' and 'CR8-store exiting' L0\n vmcs02 controls exist in cases where L1 omits the 'use\n TPR shadow' vmcs12 control, which allows KVM L2 guest\n OS users to obtain read and write access to the\n hardware CR8 register.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2881453\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-32.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80fa3656\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-32.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9bfb930\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-32.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1666c1ac\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-32.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?692ae938\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-32.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afeeded6\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-32.1-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?858ad3c2\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.18.2.vz7.15.2\",\n \"patch\",\"readykernel-patch-15.2-32.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.18.7\",\n \"patch\",\"readykernel-patch-18.7-32.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-32.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-32.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.15\",\n \"patch\",\"readykernel-patch-30.15-32.1-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.26.1.vz7.33.22\",\n \"patch\",\"readykernel-patch-33.22-32.1-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:56", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3622 advisory.\n\n - The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.\n (CVE-2017-12134)\n\n - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.\n (CVE-2017-1000365)\n\n - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. (CVE-2017-1000251)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3622)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000251", "CVE-2017-1000365", "CVE-2017-12134"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3622.NASL", "href": "https://www.tenable.com/plugins/nessus/103402", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3622.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103402);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2017-12134\", \"CVE-2017-1000251\", \"CVE-2017-1000365\");\n script_xref(name:\"IAVB\", value:\"2017-B-0108-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0253-S\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3622)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-3622 advisory.\n\n - The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users\n to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial\n of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.\n (CVE-2017-12134)\n\n - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into\n account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and\n earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.\n (CVE-2017-1000365)\n\n - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up\n to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP\n configuration responses resulting in Remote code execution in kernel space. (CVE-2017-1000251)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3622.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000251\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.297.8.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3622');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.297.8.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.297.8.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.297.8.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.297.8.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.297.8.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.297.8.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.297.8.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.297.8.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.297.8.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.297.8.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:14", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] (CVE-2017-1000251)\n\n - xen: fix bio vec merging (Roger Pau Monne) [Orabug:\n 26645550] (CVE-2017-12134)\n\n - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] (CVE-2017-1000365) (CVE-2017-1000365)", "cvss3": {}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0152) (BlueBorne) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000251", "CVE-2017-1000365", "CVE-2017-12134"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0152.NASL", "href": "https://www.tenable.com/plugins/nessus/103404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0152.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103404);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000251\", \"CVE-2017-1000365\", \"CVE-2017-12134\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0152) (BlueBorne) (Stack Clash)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Bluetooth: Properly check L2CAP config option output\n buffer length (Ben Seri) [Orabug: 26796364]\n (CVE-2017-1000251)\n\n - xen: fix bio vec merging (Roger Pau Monne) [Orabug:\n 26645550] (CVE-2017-12134)\n\n - fs/exec.c: account for argv/envp pointers (Kees Cook)\n [Orabug: 26638921] (CVE-2017-1000365) (CVE-2017-1000365)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-September/000781.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd9815ba\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.19.7.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.19.7.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:56", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3621 advisory.\n\n - The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.\n (CVE-2017-12134)\n\n - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.\n (CVE-2017-1000365)\n\n - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. (CVE-2017-1000251)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000251", "CVE-2017-1000365", "CVE-2017-12134"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.7.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.7.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3621.NASL", "href": "https://www.tenable.com/plugins/nessus/103401", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3621.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103401);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2017-12134\", \"CVE-2017-1000251\", \"CVE-2017-1000365\");\n script_xref(name:\"IAVB\", value:\"2017-B-0108-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0253-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3621 advisory.\n\n - The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users\n to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial\n of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.\n (CVE-2017-12134)\n\n - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into\n account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and\n earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.\n (CVE-2017-1000365)\n\n - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up\n to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP\n configuration responses resulting in Remote code execution in kernel space. (CVE-2017-1000251)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3621.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000251\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.7.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.7.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.19.7.el6uek', '3.8.13-118.19.7.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3621');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.19.7.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.19.7.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.19.7.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.19.7.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.19.7.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.19.7.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.19.7.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.19.7.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.19.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.19.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.19.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.19.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.19.7.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.19.7.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.19.7.el6uek / dtrace-modules-3.8.13-118.19.7.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:32", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n(CVE-2017-1000111, Important)\n\n* An exploitable memory corruption flaw was found in the Linux kernel.\nThe append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option.\nIf unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)\n\n* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)\n\nRed Hat would like to thank Willem de Bruijn for reporting CVE-2017-1000111 and Andrey Konovalov for reporting CVE-2017-1000112.\n\nBug Fix(es) :\n\n* When the operating system was booted with Red Hat Enterprise Virtualization, and the eh_deadline sysfs parameter was set to 10s, the Storage Area Network (SAN) issues caused eh_deadline to trigger with no handler. Consequently, a kernel panic occurred. This update fixes the lpfc driver, thus preventing the kernel panic under described circumstances. (BZ #1487220)\n\n* When an NFS server returned the NFS4ERR_BAD_SEQID error to an OPEN request, the open-owner was removed from the state_owners rbtree.\nConsequently, NFS4 client infinite loop that required a reboot to recover occurred. This update changes NFS4ERR_BAD_SEQID handling to leave the open-owner in the state_owners rbtree by updating the create_time parameter so that it looks like a new open-owner. As a result, an NFS4 client is now able to recover without falling into the infinite recovery loop after receiving NFS4ERR_BAD_SEQID. (BZ#1491123)\n\n* If an NFS client attempted to mount NFSv3 shares from an NFS server exported directly to the client's IP address, and this NFS client had already mounted other shares that originated from the same server but were exported to the subnetwork which this client was part of, the auth.unix.ip cache expiration was not handled correctly. Consequently, the client received the 'stale file handle' errors when trying to mount the share. This update fixes handling of the cache expiration, and the NFSv3 shares now mount as expected without producing the 'stale file handle' errors. (BZ #1497976)\n\n* When running a script that raised the tx ring count to its maximum value supported by the Solarflare Network Interface Controller (NIC) driver, the EF10 family NICs allowed the settings exceeding the hardware's capability. Consequently, the Solarflare hardware became unusable with Red Hat Entepripse Linux 6. This update fixes the sfc driver, so that the tx ring can have maximum 2048 entries for all EF10 NICs. As a result, the Solarflare hardware no longer becomes unusable with Red Hat Entepripse Linux 6 due to this bug. (BZ#1498019)", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2017:3200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-14106"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-3200.NASL", "href": "https://www.tenable.com/plugins/nessus/104583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3200 and \n# CentOS Errata and Security Advisory 2017:3200 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104583);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-14106\");\n script_xref(name:\"RHSA\", value:\"2017:3200\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2017:3200)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A race condition issue leading to a use-after-free flaw was found in\nthe way the raw packet sockets are implemented in the Linux kernel\nnetworking subsystem handling synchronization. A local user able to\nopen a raw packet socket (requires the CAP_NET_RAW capability) could\nuse this flaw to elevate their privileges on the system.\n(CVE-2017-1000111, Important)\n\n* An exploitable memory corruption flaw was found in the Linux kernel.\nThe append path can be erroneously switched from UFO to non-UFO in\nip_ufo_append_data() when building an UFO packet with MSG_MORE option.\nIf unprivileged user namespaces are available, this flaw can be\nexploited to gain root privileges. (CVE-2017-1000112, Important)\n\n* A divide-by-zero vulnerability was found in the __tcp_select_window\nfunction in the Linux kernel. This can result in a kernel panic\ncausing a local denial of service. (CVE-2017-14106, Moderate)\n\nRed Hat would like to thank Willem de Bruijn for reporting\nCVE-2017-1000111 and Andrey Konovalov for reporting CVE-2017-1000112.\n\nBug Fix(es) :\n\n* When the operating system was booted with Red Hat Enterprise\nVirtualization, and the eh_deadline sysfs parameter was set to 10s,\nthe Storage Area Network (SAN) issues caused eh_deadline to trigger\nwith no handler. Consequently, a kernel panic occurred. This update\nfixes the lpfc driver, thus preventing the kernel panic under\ndescribed circumstances. (BZ #1487220)\n\n* When an NFS server returned the NFS4ERR_BAD_SEQID error to an OPEN\nrequest, the open-owner was removed from the state_owners rbtree.\nConsequently, NFS4 client infinite loop that required a reboot to\nrecover occurred. This update changes NFS4ERR_BAD_SEQID handling to\nleave the open-owner in the state_owners rbtree by updating the\ncreate_time parameter so that it looks like a new open-owner. As a\nresult, an NFS4 client is now able to recover without falling into the\ninfinite recovery loop after receiving NFS4ERR_BAD_SEQID. (BZ#1491123)\n\n* If an NFS client attempted to mount NFSv3 shares from an NFS server\nexported directly to the client's IP address, and this NFS client had\nalready mounted other shares that originated from the same server but\nwere exported to the subnetwork which this client was part of, the\nauth.unix.ip cache expiration was not handled correctly. Consequently,\nthe client received the 'stale file handle' errors when trying to\nmount the share. This update fixes handling of the cache expiration,\nand the NFSv3 shares now mount as expected without producing the\n'stale file handle' errors. (BZ #1497976)\n\n* When running a script that raised the tx ring count to its maximum\nvalue supported by the Solarflare Network Interface Controller (NIC)\ndriver, the EF10 family NICs allowed the settings exceeding the\nhardware's capability. Consequently, the Solarflare hardware became\nunusable with Red Hat Entepripse Linux 6. This update fixes the sfc\ndriver, so that the tx ring can have maximum 2048 entries for all EF10\nNICs. As a result, the Solarflare hardware no longer becomes unusable\nwith Red Hat Entepripse Linux 6 due to this bug. (BZ#1498019)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-November/022624.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88fd3a1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000111\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-696.16.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:50", "description": "The openSUSE Leap 42.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).\n\n - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).\n\n - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994).\n\nThe following non-security bugs were fixed :\n\n - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).\n\n - bcache: force trigger gc (bsc#1038078).\n\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n\n - block: do not allow updates through sysfs until registration completes (bsc#1047027).\n\n - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709).\n\n - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).\n\n - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).\n\n - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533).\n\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).\n\n - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).\n\n - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).\n\n - scsi_devinfo: fixup string compare (bsc#1037404).\n\n - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).\n\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n\n - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399).", "cvss3": {}, "published": "2017-08-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-929)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-8831"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-929.NASL", "href": "https://www.tenable.com/plugins/nessus/102509", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-929.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102509);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-8831\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-929)\");\n script_summary(english:\"Check for the openSUSE-2017-929 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000111: Fixed a race condition in net-packet\n code that could be exploited to cause out-of-bounds\n memory access (bsc#1052365).\n\n - CVE-2017-1000112: Fixed a race condition in net-packet\n code that could have been exploited by unprivileged\n users to gain root access. (bsc#1052311).\n\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds array access) or possibly have\n unspecified other impact by changing a certain\n sequence-number value, aka a 'double fetch'\n vulnerability (bnc#1037994).\n\nThe following non-security bugs were fixed :\n\n - IB/hfi1: Wait for QSFP modules to initialize\n (bsc#1019151).\n\n - bcache: force trigger gc (bsc#1038078).\n\n - bcache: only recovery I/O error for writethrough mode\n (bsc#1043652).\n\n - block: do not allow updates through sysfs until\n registration completes (bsc#1047027).\n\n - ibmvnic: Check for transport event on driver resume\n (bsc#1051556, bsc#1052709).\n\n - ibmvnic: Initialize SCRQ's during login renegotiation\n (bsc#1052223).\n\n - ibmvnic: Report rx buffer return codes as netdev_dbg\n (bsc#1052794).\n\n - iommu/amd: Fix schedule-while-atomic BUG in\n initialization code (bsc1052533).\n\n - libnvdimm, pmem: fix a NULL pointer BUG in\n nd_pmem_notify (bsc#1023175).\n\n - libnvdimm: fix badblock range handling of ARS range\n (bsc#1023175).\n\n - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773,\n LTC#157374).\n\n - scsi_devinfo: fixup string compare (bsc#1037404).\n\n - scsi_dh_alua: suppress errors from unsupported devices\n (bsc#1038792).\n\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n\n - x86/dmi: Switch dmi_remap() from ioremap() to\n ioremap_cache() (bsc#1051399).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052794\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.79-18.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.79-18.26.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.79-18.26.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.79-18.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.79-18.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.79-18.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.79-18.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.79-18.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.79-18.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.79-18.26.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:56", "description": "The 4.12.8 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-24T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2017-4336d64e21)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-12134"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-4336D64E21.NASL", "href": "https://www.tenable.com/plugins/nessus/102717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-4336d64e21.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102717);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-12134\");\n script_xref(name:\"FEDORA\", value:\"2017-4336d64e21\");\n\n script_name(english:\"Fedora 26 : kernel (2017-4336d64e21)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.12.8 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-4336d64e21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-12134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-4336d64e21\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.12.8-300.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:12", "description": "Security Fix(es) :\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)\n\n - An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.\n (CVE-2017-1000112, Important)\n\n - A divide-by-zero vulnerability was found in the\n __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)\n\nBug Fix(es) :\n\n - When the operating system was booted with RHEV/oVirt, and the eh_deadline sysfs parameter was set to 10s, the Storage Area Network (SAN) issues caused eh_deadline to trigger with no handler. Consequently, a kernel panic occurred. This update fixes the lpfc driver, thus preventing the kernel panic under described circumstances.\n\n - When an NFS server returned the NFS4ERR_BAD_SEQID error to an OPEN request, the open-owner was removed from the state_owners rbtree. Consequently, NFS4 client infinite loop that required a reboot to recover occurred. This update changes NFS4ERR_BAD_SEQID handling to leave the open-owner in the state_owners rbtree by updating the create_time parameter so that it looks like a new open-owner. As a result, an NFS4 client is now able to recover without falling into the infinite recovery loop after receiving NFS4ERR_BAD_SEQID.\n\n - If an NFS client attempted to mount NFSv3 shares from an NFS server exported directly to the client's IP address, and this NFS client had already mounted other shares that originated from the same server but were exported to the subnetwork which this client was part of, the auth.unix.ip cache expiration was not handled correctly.\n Consequently, the client received the 'stale file handle' errors when trying to mount the share. This update fixes handling of the cache expiration, and the NFSv3 shares now mount as expected without producing the 'stale file handle' errors.\n\n - When running a script that raised the tx ring count to its maximum value supported by the Solarflare Network Interface Controller (NIC) driver, the EF10 family NICs allowed the settings exceeding the hardware's capability. Consequently, the Solarflare hardware became unusable with Scientific Linux 6. This update fixes the sfc driver, so that the tx ring can have maximum 2048 entries for all EF10 NICs. As a result, the Solarflare hardware no longer becomes unusable.", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20171115)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-14106"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171115_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/104623", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104623);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-14106\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20171115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n could use this flaw to elevate their privileges on the\n system. (CVE-2017-1000111, Important)\n\n - An exploitable memory corruption flaw was found in the\n Linux kernel. The append path can be erroneously\n switched from UFO to non-UFO in ip_ufo_append_data()\n when building an UFO packet with MSG_MORE option. If\n unprivileged user namespaces are available, this flaw\n can be exploited to gain root privileges.\n (CVE-2017-1000112, Important)\n\n - A divide-by-zero vulnerability was found in the\n __tcp_select_window function in the Linux kernel. This\n can result in a kernel panic causing a local denial of\n service. (CVE-2017-14106, Moderate)\n\nBug Fix(es) :\n\n - When the operating system was booted with RHEV/oVirt,\n and the eh_deadline sysfs parameter was set to 10s, the\n Storage Area Network (SAN) issues caused eh_deadline to\n trigger with no handler. Consequently, a kernel panic\n occurred. This update fixes the lpfc driver, thus\n preventing the kernel panic under described\n circumstances.\n\n - When an NFS server returned the NFS4ERR_BAD_SEQID error\n to an OPEN request, the open-owner was removed from the\n state_owners rbtree. Consequently, NFS4 client infinite\n loop that required a reboot to recover occurred. This\n update changes NFS4ERR_BAD_SEQID handling to leave the\n open-owner in the state_owners rbtree by updating the\n create_time parameter so that it looks like a new\n open-owner. As a result, an NFS4 client is now able to\n recover without falling into the infinite recovery loop\n after receiving NFS4ERR_BAD_SEQID.\n\n - If an NFS client attempted to mount NFSv3 shares from an\n NFS server exported directly to the client's IP address,\n and this NFS client had already mounted other shares\n that originated from the same server but were exported\n to the subnetwork which this client was part of, the\n auth.unix.ip cache expiration was not handled correctly.\n Consequently, the client received the 'stale file\n handle' errors when trying to mount the share. This\n update fixes handling of the cache expiration, and the\n NFSv3 shares now mount as expected without producing the\n 'stale file handle' errors.\n\n - When running a script that raised the tx ring count to\n its maximum value supported by the Solarflare Network\n Interface Controller (NIC) driver, the EF10 family NICs\n allowed the settings exceeding the hardware's\n capability. Consequently, the Solarflare hardware became\n unusable with Scientific Linux 6. This update fixes the\n sfc driver, so that the tx ring can have maximum 2048\n entries for all EF10 NICs. As a result, the Solarflare\n hardware no longer becomes unusable.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1711&L=scientific-linux-errata&F=&S=&P=846\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43c4509f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-696.16.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:31", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n(CVE-2017-1000111, Important)\n\n* An exploitable memory corruption flaw was found in the Linux kernel.\nThe append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option.\nIf unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)\n\n* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)\n\nRed Hat would like to thank Willem de Bruijn for reporting CVE-2017-1000111 and Andrey Konovalov for reporting CVE-2017-1000112.\n\nBug Fix(es) :\n\n* When the operating system was booted with Red Hat Enterprise Virtualization, and the eh_deadline sysfs parameter was set to 10s, the Storage Area Network (SAN) issues caused eh_deadline to trigger with no handler. Consequently, a kernel panic occurred. This update fixes the lpfc driver, thus preventing the kernel panic under described circumstances. (BZ #1487220)\n\n* When an NFS server returned the NFS4ERR_BAD_SEQID error to an OPEN request, the open-owner was removed from the state_owners rbtree.\nConsequently, NFS4 client infinite loop that required a reboot to recover occurred. This update changes NFS4ERR_BAD_SEQID handling to leave the open-owner in the state_owners rbtree by updating the create_time parameter so that it looks like a new open-owner. As a result, an NFS4 client is now able to recover without falling into the infinite recovery loop after receiving NFS4ERR_BAD_SEQID. (BZ#1491123)\n\n* If an NFS client attempted to mount NFSv3 shares from an NFS server exported directly to the client's IP address, and this NFS client had already mounted other shares that originated from the same server but were exported to the subnetwork which this client was part of, the auth.unix.ip cache expiration was not handled correctly. Consequently, the client received the 'stale file handle' errors when trying to mount the share. This update fixes handling of the cache expiration, and the NFSv3 shares now mount as expected without producing the 'stale file handle' errors. (BZ #1497976)\n\n* When running a script that raised the tx ring count to its maximum value supported by the Solarflare Network Interface Controller (NIC) driver, the EF10 family NICs allowed the settings exceeding the hardware's capability. Consequently, the Solarflare hardware became unusable with Red Hat Entepripse Linux 6. This update fixes the sfc driver, so that the tx ring can have maximum 2048 entries for all EF10 NICs. As a result, the Solarflare hardware no longer becomes unusable with Red Hat Entepripse Linux 6 due to this bug. (BZ#1498019)", "cvss3": {}, "published": "2017-11-15T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2017:3200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-14106"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-3200.NASL", "href": "https://www.tenable.com/plugins/nessus/104566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3200. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104566);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-14106\");\n script_xref(name:\"RHSA\", value:\"2017:3200\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2017:3200)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A race condition issue leading to a use-after-free flaw was found in\nthe way the raw packet sockets are implemented in the Linux kernel\nnetworking subsystem handling synchronization. A local user able to\nopen a raw packet socket (requires the CAP_NET_RAW capability) could\nuse this flaw to elevate their privileges on the system.\n(CVE-2017-1000111, Important)\n\n* An exploitable memory corruption flaw was found in the Linux kernel.\nThe append path can be erroneously switched from UFO to non-UFO in\nip_ufo_append_data() when building an UFO packet with MSG_MORE option.\nIf unprivileged user namespaces are available, this flaw can be\nexploited to gain root privileges. (CVE-2017-1000112, Important)\n\n* A divide-by-zero vulnerability was found in the __tcp_select_window\nfunction in the Linux kernel. This can result in a kernel panic\ncausing a local denial of service. (CVE-2017-14106, Moderate)\n\nRed Hat would like to thank Willem de Bruijn for reporting\nCVE-2017-1000111 and Andrey Konovalov for reporting CVE-2017-1000112.\n\nBug Fix(es) :\n\n* When the operating system was booted with Red Hat Enterprise\nVirtualization, and the eh_deadline sysfs parameter was set to 10s,\nthe Storage Area Network (SAN) issues caused eh_deadline to trigger\nwith no handler. Consequently, a kernel panic occurred. This update\nfixes the lpfc driver, thus preventing the kernel panic under\ndescribed circumstances. (BZ #1487220)\n\n* When an NFS server returned the NFS4ERR_BAD_SEQID error to an OPEN\nrequest, the open-owner was removed from the state_owners rbtree.\nConsequently, NFS4 client infinite loop that required a reboot to\nrecover occurred. This update changes NFS4ERR_BAD_SEQID handling to\nleave the open-owner in the state_owners rbtree by updating the\ncreate_time parameter so that it looks like a new open-owner. As a\nresult, an NFS4 client is now able to recover without falling into the\ninfinite recovery loop after receiving NFS4ERR_BAD_SEQID. (BZ#1491123)\n\n* If an NFS client attempted to mount NFSv3 shares from an NFS server\nexported directly to the client's IP address, and this NFS client had\nalready mounted other shares that originated from the same server but\nwere exported to the subnetwork which this client was part of, the\nauth.unix.ip cache expiration was not handled correctly. Consequently,\nthe client received the 'stale file handle' errors when trying to\nmount the share. This update fixes handling of the cache expiration,\nand the NFSv3 shares now mount as expected without producing the\n'stale file handle' errors. (BZ #1497976)\n\n* When running a script that raised the tx ring count to its maximum\nvalue supported by the Solarflare Network Interface Controller (NIC)\ndriver, the EF10 family NICs allowed the settings exceeding the\nhardware's capability. Consequently, the Solarflare hardware became\nunusable with Red Hat Entepripse Linux 6. This update fixes the sfc\ndriver, so that the tx ring can have maximum 2048 entries for all EF10\nNICs. As a result, the Solarflare hardware no longer becomes unusable\nwith Red Hat Entepripse Linux 6 due to this bug. (BZ#1498019)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-14106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000112\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-14106\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:3200\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3200\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-696.16.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:18:34", "description": "The openSUSE Leap 42.3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).\n\n - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).\n\n - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994).\n\nThe following non-security bugs were fixed :\n\n - acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325).\n\n - acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).\n\n - bcache: force trigger gc (bsc#1038078).\n\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n\n - block: do not allow updates through sysfs until registration completes (bsc#1047027).\n\n - config: disable CONFIG_RT_GROUP_SCHED (bsc#1052204).\n\n - drivers: hv: : As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153)\n\n - drivers: hv: Fix a typo (fate#320485).\n\n - drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485).\n\n - drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485).\n\n - drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485).\n\n - Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n (bsc#1052204).\n\n - hv_netvsc: change netvsc device default duplex to FULL (fate#320485).\n\n - hv_netvsc: Fix the carrier state error when data path is off (fate#320485).\n\n - hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485).\n\n - hyperv: fix warning about missing prototype (fate#320485).\n\n - hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485).\n\n - hyperv: remove unnecessary return variable (fate#320485).\n\n - i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689).\n\n - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).\n\n - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709).\n\n - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).\n\n - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).\n\n - iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc1052533).\n\n - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533).\n\n - KABI protect struct acpi_nfit_desc (bsc#1052325).\n\n - kabi/severities: add drivers/scsi/hisi_sas to kabi severities\n\n - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).\n\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).\n\n - net: add netdev_lockdep_set_classes() helper (fate#320485).\n\n - net: hyperv: use new api ethtool_(get|set)_link_ksettings (fate#320485).\n\n - net/mlx4_core: Fixes missing capability bit in flags2 capability dump (bsc#1015337).\n\n - net/mlx4_core: Fix namespace misalignment in QinQ VST support commit (bsc#1015337).\n\n - net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump (bsc#1015337).\n\n - netsvc: Remove upstream commit e14b4db7a567 netvsc: fix race during initialization will be replaced by following changes\n\n - netsvc: Revert 'netvsc: optimize calculation of number of slots' (fate#320485).\n\n - netvsc: add comments about callback's and NAPI (fate#320485).\n\n - netvsc: Add #include's for csum_* function declarations (fate#320485).\n\n - netvsc: add rtnl annotations in rndis (fate#320485).\n\n - netvsc: add some rtnl_dereference annotations (fate#320485).\n\n - netvsc: avoid race with callback (fate#320485).\n\n - netvsc: change logic for change mtu and set_queues (fate#320485).\n\n - netvsc: change max channel calculation (fate#320485).\n\n - netvsc: change order of steps in setting queues (fate#320485).\n\n - netvsc: Deal with rescinded channels correctly (fate#320485).\n\n - netvsc: do not access netdev->num_rx_queues directly (fate#320485).\n\n - netvsc: do not overload variable in same function (fate#320485).\n\n - netvsc: do not print pointer value in error message (fate#320485).\n\n - netvsc: eliminate unnecessary skb == NULL checks (fate#320485).\n\n - netvsc: enable GRO (fate#320485).\n\n - netvsc: Fix a bug in sub-channel handling (fate#320485).\n\n - netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485).\n\n - netvsc: fix calculation of available send sections (fate#320485).\n\n - netvsc: fix dereference before null check errors (fate#320485).\n\n - netvsc: fix error unwind on device setup failure (fate#320485).\n\n - netvsc: fix hang on netvsc module removal (fate#320485).\n\n - netvsc: fix NAPI performance regression (fate#320485).\n\n - netvsc: fix net poll mode (fate#320485).\n\n - netvsc: fix netvsc_set_channels (fate#320485).\n\n - netvsc: fix ptr_ret.cocci warnings (fate#320485).\n\n - netvsc: fix rcu dereference warning from ethtool (fate#320485).\n\n - netvsc: fix RCU warning in get_stats (fate#320485).\n\n - netvsc: fix return value for set_channels (fate#320485).\n\n - netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442).\n\n - netvsc: fix use after free on module removal (fate#320485).\n\n - netvsc: fix warnings reported by lockdep (fate#320485).\n\n - netvsc: fold in get_outbound_net_device (fate#320485).\n\n - netvsc: force link update after MTU change (fate#320485).\n\n - netvsc: handle offline mtu and channel change (fate#320485).\n\n - netvsc: implement NAPI (fate#320485).\n\n - netvsc: include rtnetlink.h (fate#320485).\n\n - netvsc: Initialize all channel related state prior to opening the channel (fate#320485).\n\n - netvsc: make sure and unregister datapath (fate#320485, bsc#1052899).\n\n - netvsc: make sure napi enabled before vmbus_open (fate#320485).\n\n - netvsc: mark error cases as unlikely (fate#320485).\n\n - netvsc: move filter setting to rndis_device (fate#320485).\n\n - netvsc: need napi scheduled during removal (fate#320485).\n\n - netvsc: need rcu_derefence when accessing internal device info (fate#320485).\n\n - netvsc: optimize calculation of number of slots (fate#320485).\n\n - netvsc: optimize receive completions (fate#320485).\n\n - netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp (fate#320485).\n\n - netvsc: prefetch the first incoming ring element (fate#320485).\n\n - netvsc: Properly initialize the return value (fate#320485).\n\n - netvsc: remove bogus rtnl_unlock (fate#320485).\n\n - netvsc: remove no longer used max_num_rss queues (fate#320485).\n\n - netvsc: Remove redundant use of ipv6_hdr() (fate#320485).\n\n - netvsc: remove unnecessary indirection of page_buffer (fate#320485).\n\n - netvsc: remove unnecessary lock on shutdown (fate#320485).\n\n - netvsc: remove unused #define (fate#320485).\n\n - netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb (fate#320485).\n\n - netvsc: save pointer to parent netvsc_device in channel table (fate#320485).\n\n - netvsc: signal host if receive ring is emptied (fate#320485).\n\n - netvsc: transparent VF management (fate#320485, bsc#1051979).\n\n - netvsc: use ERR_PTR to avoid dereference issues (fate#320485).\n\n - netvsc: use hv_get_bytes_to_read (fate#320485).\n\n - netvsc: use napi_consume_skb (fate#320485).\n\n - netvsc: use RCU to protect inner device structure (fate#320485).\n\n - netvsc: uses RCU instead of removal flag (fate#320485).\n\n - netvsc: use typed pointer for internal state (fate#320485).\n\n - nvme: fabrics commands should use the fctype field for data direction (bsc#1043805).\n\n - powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9 (bsc#1053043 (git-fixes)).\n\n - powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes 08e1c01d6aed).\n\n - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).\n\n - rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925).\n\n - scsi: aacraid: fix PCI error recovery path (bsc#1048912).\n\n - scsi_devinfo: fixup string compare (bsc#1037404).\n\n - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).\n\n - scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298).\n\n - scsi: hisi_sas: add v2 hw internal abort timeout workaround (bsc#1049298).\n\n - scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors (bsc#1049298).\n\n - scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298).\n\n - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort() (bsc#1049298).\n\n - scsi: hisi_sas: optimise DMA slot memory (bsc#1049298).\n\n - scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298).\n\n - scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298).\n\n - scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298).\n\n - scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298).\n\n - scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298).\n\n - scsi: lpfc: do not double count abort errors (bsc#1048912).\n\n - scsi: lpfc: fix linking against modular NVMe support (bsc#1048912).\n\n - scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912).\n\n - scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485).\n\n - scsi: storvsc: remove return at end of void function (fate#320485).\n\n - tools: hv: Add clean up for included files in Ubuntu net config (fate#320485).\n\n - tools: hv: Add clean up function for Ubuntu config (fate#320485).\n\n - tools: hv: properly handle long paths (fate#320485).\n\n - tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485).\n\n - tools: hv: set hotplug for VF on Suse (fate#320485).\n\n - tools: hv: vss: Thaw the filesystem and continue if freeze call has timed out (fate#320485).\n\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n\n - vmbus: cleanup header file style (fate#320485).\n\n - vmbus: expose debug info for drivers (fate#320485).\n\n - vmbus: fix spelling errors (fate#320485).\n\n - vmbus: introduce in-place packet iterator (fate#320485).\n\n - vmbus: only reschedule tasklet if time limit exceeded (fate#320485).\n\n - vmbus: re-enable channel tasklet (fate#320485).\n\n - vmbus: remove unnecessary initialization (fate#320485).\n\n - vmbus: remove useless return's (fate#320485).\n\n - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399).\n\n - x86/hyperv: Check frequency MSRs presence according to the specification (fate#320485).\n\n - The package release number was increased to be higher than the Leap 42.2 package (boo#1053531).", "cvss3": {}, "published": "2017-08-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-930)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-8831"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-930.NASL", "href": "https://www.tenable.com/plugins/nessus/102510", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-930.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102510);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-8831\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-930)\");\n script_summary(english:\"Check for the openSUSE-2017-930 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-1000111: Fixed a race condition in net-packet\n code that could be exploited to cause out-of-bounds\n memory access (bsc#1052365).\n\n - CVE-2017-1000112: Fixed a race condition in net-packet\n code that could have been exploited by unprivileged\n users to gain root access. (bsc#1052311).\n\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds array access) or possibly have\n unspecified other impact by changing a certain\n sequence-number value, aka a 'double fetch'\n vulnerability (bnc#1037994).\n\nThe following non-security bugs were fixed :\n\n - acpi/nfit: Add support of NVDIMM memory error\n notification in ACPI 6.2 (bsc#1052325).\n\n - acpi/nfit: Issue Start ARS to retrieve existing records\n (bsc#1052325).\n\n - bcache: force trigger gc (bsc#1038078).\n\n - bcache: only recovery I/O error for writethrough mode\n (bsc#1043652).\n\n - block: do not allow updates through sysfs until\n registration completes (bsc#1047027).\n\n - config: disable CONFIG_RT_GROUP_SCHED (bsc#1052204).\n\n - drivers: hv: : As a bandaid, increase HV_UTIL_TIMEOUT\n from 30 to 60 seconds (bnc#1039153)\n\n - drivers: hv: Fix a typo (fate#320485).\n\n - drivers: hv: util: Make hv_poll_channel() a little more\n efficient (fate#320485).\n\n - drivers: hv: vmbus: Close timing hole that can corrupt\n per-cpu page (fate#320485).\n\n - drivers: hv: vmbus: Fix error code returned by\n vmbus_post_msg() (fate#320485).\n\n - Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n\n (bsc#1052204).\n\n - hv_netvsc: change netvsc device default duplex to FULL\n (fate#320485).\n\n - hv_netvsc: Fix the carrier state error when data path is\n off (fate#320485).\n\n - hv_netvsc: Remove unnecessary var link_state from struct\n netvsc_device_info (fate#320485).\n\n - hyperv: fix warning about missing prototype\n (fate#320485).\n\n - hyperv: netvsc: Neaten netvsc_send_pkt by using a\n temporary (fate#320485).\n\n - hyperv: remove unnecessary return variable\n (fate#320485).\n\n - i40e/i40evf: Fix use after free in Rx cleanup path\n (bsc#1051689).\n\n - IB/hfi1: Wait for QSFP modules to initialize\n (bsc#1019151).\n\n - ibmvnic: Check for transport event on driver resume\n (bsc#1051556, bsc#1052709).\n\n - ibmvnic: Initialize SCRQ's during login renegotiation\n (bsc#1052223).\n\n - ibmvnic: Report rx buffer return codes as netdev_dbg\n (bsc#1052794).\n\n - iommu/amd: Enable ga_log_intr when enabling guest_mode\n (bsc1052533).\n\n - iommu/amd: Fix schedule-while-atomic BUG in\n initialization code (bsc1052533).\n\n - KABI protect struct acpi_nfit_desc (bsc#1052325).\n\n - kabi/severities: add drivers/scsi/hisi_sas to kabi\n severities\n\n - libnvdimm: fix badblock range handling of ARS range\n (bsc#1023175).\n\n - libnvdimm, pmem: fix a NULL pointer BUG in\n nd_pmem_notify (bsc#1023175).\n\n - net: add netdev_lockdep_set_classes() helper\n (fate#320485).\n\n - net: hyperv: use new api\n ethtool_(get|set)_link_ksettings (fate#320485).\n\n - net/mlx4_core: Fixes missing capability bit in flags2\n capability dump (bsc#1015337).\n\n - net/mlx4_core: Fix namespace misalignment in QinQ VST\n support commit (bsc#1015337).\n\n - net/mlx4_core: Fix sl_to_vl_change bit offset in flags2\n dump (bsc#1015337).\n\n - netsvc: Remove upstream commit e14b4db7a567 netvsc: fix\n race during initialization will be replaced by following\n changes\n\n - netsvc: Revert 'netvsc: optimize calculation of number\n of slots' (fate#320485).\n\n - netvsc: add comments about callback's and NAPI\n (fate#320485).\n\n - netvsc: Add #include's for csum_* function declarations\n (fate#320485).\n\n - netvsc: add rtnl annotations in rndis (fate#320485).\n\n - netvsc: add some rtnl_dereference annotations\n (fate#320485).\n\n - netvsc: avoid race with callback (fate#320485).\n\n - netvsc: change logic for change mtu and set_queues\n (fate#320485).\n\n - netvsc: change max channel calculation (fate#320485).\n\n - netvsc: change order of steps in setting queues\n (fate#320485).\n\n - netvsc: Deal with rescinded channels correctly\n (fate#320485).\n\n - netvsc: do not access netdev->num_rx_queues directly\n (fate#320485).\n\n - netvsc: do not overload variable in same function\n (fate#320485).\n\n - netvsc: do not print pointer value in error message\n (fate#320485).\n\n - netvsc: eliminate unnecessary skb == NULL checks\n (fate#320485).\n\n - netvsc: enable GRO (fate#320485).\n\n - netvsc: Fix a bug in sub-channel handling (fate#320485).\n\n - netvsc: fix and cleanup rndis_filter_set_packet_filter\n (fate#320485).\n\n - netvsc: fix calculation of available send sections\n (fate#320485).\n\n - netvsc: fix dereference before null check errors\n (fate#320485).\n\n - netvsc: fix error unwind on device setup failure\n (fate#320485).\n\n - netvsc: fix hang on netvsc module removal (fate#320485).\n\n - netvsc: fix NAPI performance regression (fate#320485).\n\n - netvsc: fix net poll mode (fate#320485).\n\n - netvsc: fix netvsc_set_channels (fate#320485).\n\n - netvsc: fix ptr_ret.cocci warnings (fate#320485).\n\n - netvsc: fix rcu dereference warning from ethtool\n (fate#320485).\n\n - netvsc: fix RCU warning in get_stats (fate#320485).\n\n - netvsc: fix return value for set_channels (fate#320485).\n\n - netvsc: fix rtnl deadlock on unregister of vf\n (fate#320485, bsc#1052442).\n\n - netvsc: fix use after free on module removal\n (fate#320485).\n\n - netvsc: fix warnings reported by lockdep (fate#320485).\n\n - netvsc: fold in get_outbound_net_device (fate#320485).\n\n - netvsc: force link update after MTU change\n (fate#320485).\n\n - netvsc: handle offline mtu and channel change\n (fate#320485).\n\n - netvsc: implement NAPI (fate#320485).\n\n - netvsc: include rtnetlink.h (fate#320485).\n\n - netvsc: Initialize all channel related state prior to\n opening the channel (fate#320485).\n\n - netvsc: make sure and unregister datapath (fate#320485,\n bsc#1052899).\n\n - netvsc: make sure napi enabled before vmbus_open\n (fate#320485).\n\n - netvsc: mark error cases as unlikely (fate#320485).\n\n - netvsc: move filter setting to rndis_device\n (fate#320485).\n\n - netvsc: need napi scheduled during removal\n (fate#320485).\n\n - netvsc: need rcu_derefence when accessing internal\n device info (fate#320485).\n\n - netvsc: optimize calculation of number of slots\n (fate#320485).\n\n - netvsc: optimize receive completions (fate#320485).\n\n - netvsc: pass net_device to netvsc_init_buf and\n netvsc_connect_vsp (fate#320485).\n\n - netvsc: prefetch the first incoming ring element\n (fate#320485).\n\n - netvsc: Properly initialize the return value\n (fate#320485).\n\n - netvsc: remove bogus rtnl_unlock (fate#320485).\n\n - netvsc: remove no longer used max_num_rss queues\n (fate#320485).\n\n - netvsc: Remove redundant use of ipv6_hdr()\n (fate#320485).\n\n - netvsc: remove unnecessary indirection of page_buffer\n (fate#320485).\n\n - netvsc: remove unnecessary lock on shutdown\n (fate#320485).\n\n - netvsc: remove unused #define (fate#320485).\n\n - netvsc: replace netdev_alloc_skb_ip_align with\n napi_alloc_skb (fate#320485).\n\n - netvsc: save pointer to parent netvsc_device in channel\n table (fate#320485).\n\n - netvsc: signal host if receive ring is emptied\n (fate#320485).\n\n - netvsc: transparent VF management (fate#320485,\n bsc#1051979).\n\n - netvsc: use ERR_PTR to avoid dereference issues\n (fate#320485).\n\n - netvsc: use hv_get_bytes_to_read (fate#320485).\n\n - netvsc: use napi_consume_skb (fate#320485).\n\n - netvsc: use RCU to protect inner device structure\n (fate#320485).\n\n - netvsc: uses RCU instead of removal flag (fate#320485).\n\n - netvsc: use typed pointer for internal state\n (fate#320485).\n\n - nvme: fabrics commands should use the fctype field for\n data direction (bsc#1043805).\n\n - powerpc/perf: Fix SDAR_MODE value for continous sampling\n on Power9 (bsc#1053043 (git-fixes)).\n\n - powerpc/tm: Fix saving of TM SPRs in core dump\n (fate#318470, git-fixes 08e1c01d6aed).\n\n - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773,\n LTC#157374).\n\n - rdma/bnxt_re: checking for NULL instead of IS_ERR()\n (bsc#1052925).\n\n - scsi: aacraid: fix PCI error recovery path\n (bsc#1048912).\n\n - scsi_devinfo: fixup string compare (bsc#1037404).\n\n - scsi_dh_alua: suppress errors from unsupported devices\n (bsc#1038792).\n\n - scsi: hisi_sas: add pci_dev in hisi_hba struct\n (bsc#1049298).\n\n - scsi: hisi_sas: add v2 hw internal abort timeout\n workaround (bsc#1049298).\n\n - scsi: hisi_sas: controller reset for multi-bits ECC and\n AXI fatal errors (bsc#1049298).\n\n - scsi: hisi_sas: fix NULL deference when TMF timeouts\n (bsc#1049298).\n\n - scsi: hisi_sas: fix timeout check in\n hisi_sas_internal_task_abort() (bsc#1049298).\n\n - scsi: hisi_sas: optimise DMA slot memory (bsc#1049298).\n\n - scsi: hisi_sas: optimise the usage of hisi_hba.lock\n (bsc#1049298).\n\n - scsi: hisi_sas: relocate get_ata_protocol()\n (bsc#1049298).\n\n - scsi: hisi_sas: workaround a SoC SATA IO processing bug\n (bsc#1049298).\n\n - scsi: hisi_sas: workaround SoC about abort timeout bug\n (bsc#1049298).\n\n - scsi: hisi_sas: workaround STP link SoC bug\n (bsc#1049298).\n\n - scsi: lpfc: do not double count abort errors\n (bsc#1048912).\n\n - scsi: lpfc: fix linking against modular NVMe support\n (bsc#1048912).\n\n - scsi: qedi: Fix return code in qedi_ep_connect()\n (bsc#1048912).\n\n - scsi: storvsc: Prefer kcalloc over kzalloc with multiply\n (fate#320485).\n\n - scsi: storvsc: remove return at end of void function\n (fate#320485).\n\n - tools: hv: Add clean up for included files in Ubuntu net\n config (fate#320485).\n\n - tools: hv: Add clean up function for Ubuntu config\n (fate#320485).\n\n - tools: hv: properly handle long paths (fate#320485).\n\n - tools: hv: set allow-hotplug for VF on Ubuntu\n (fate#320485).\n\n - tools: hv: set hotplug for VF on Suse (fate#320485).\n\n - tools: hv: vss: Thaw the filesystem and continue if\n freeze call has timed out (fate#320485).\n\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n\n - vmbus: cleanup header file style (fate#320485).\n\n - vmbus: expose debug info for drivers (fate#320485).\n\n - vmbus: fix spelling errors (fate#320485).\n\n - vmbus: introduce in-place packet iterator (fate#320485).\n\n - vmbus: only reschedule tasklet if time limit exceeded\n (fate#320485).\n\n - vmbus: re-enable channel tasklet (fate#320485).\n\n - vmbus: remove unnecessary initialization (fate#320485).\n\n - vmbus: remove useless return's (fate#320485).\n\n - x86/dmi: Switch dmi_remap() from ioremap() to\n ioremap_cache() (bsc#1051399).\n\n - x86/hyperv: Check frequency MSRs presence according to\n the specification (fate#320485).\n\n - The package release number was increased to be higher\n than the Leap 42.2 package (boo#1053531).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053531\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.79-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.79-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.79-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.79-19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:15", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be 'jumped' over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).(CVE-2017-1000364)\n\n - The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\n - Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.(CVE-2015-8839)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2017-1000364", "CVE-2017-10911"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-debug-devel"], "id": "EULEROS_SA-2017-1155.NASL", "href": "https://www.tenable.com/plugins/nessus/102242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102242);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-8839\",\n \"CVE-2017-1000364\",\n \"CVE-2017-10911\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1155)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the size of the stack guard\n page on Linux, specifically a 4k stack guard page is\n not sufficiently large and can be 'jumped' over (the\n stack guard page is bypassed), this affects Linux\n Kernel versions 4.11.5 and earlier (the stackguard page\n was introduced in 2010).(CVE-2017-1000364)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - Multiple race conditions in the ext4 filesystem\n implementation in the Linux kernel before 4.5 allow\n local users to cause a denial of service (disk\n corruption) by writing to a page that is associated\n with a different user's file after unsynchronized hole\n punching and page-fault handling.(CVE-2015-8839)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1155\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f563fb84\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.55.58.94.h9\",\n \"kernel-debug-3.10.0-327.55.58.94.h9\",\n \"kernel-debug-devel-3.10.0-327.55.58.94.h9\",\n \"kernel-debuginfo-3.10.0-327.55.58.94.h9\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.55.58.94.h9\",\n \"kernel-devel-3.10.0-327.55.58.94.h9\",\n \"kernel-headers-3.10.0-327.55.58.94.h9\",\n \"kernel-tools-3.10.0-327.55.58.94.h9\",\n \"kernel-tools-libs-3.10.0-327.55.58.94.h9\",\n \"perf-3.10.0-327.55.58.94.h9\",\n \"python-perf-3.10.0-327.55.58.94.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:43", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be 'jumped' over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).(CVE-2017-1000364)\n\n - The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\n - Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.(CVE-2015-8839)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2017-1000364", "CVE-2017-10911"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf"], "id": "EULEROS_SA-2017-1154.NASL", "href": "https://www.tenable.com/plugins/nessus/102241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102241);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-8839\",\n \"CVE-2017-1000364\",\n \"CVE-2017-10911\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1154)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the size of the stack guard\n page on Linux, specifically a 4k stack guard page is\n not sufficiently large and can be 'jumped' over (the\n stack guard page is bypassed), this affects Linux\n Kernel versions 4.11.5 and earlier (the stackguard page\n was introduced in 2010).(CVE-2017-1000364)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - Multiple race conditions in the ext4 filesystem\n implementation in the Linux kernel before 4.5 allow\n local users to cause a denial of service (disk\n corruption) by writing to a page that is associated\n with a different user's file after unsynchronized hole\n punching and page-fault handling.(CVE-2015-8839)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1154\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?63dbe3aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.138\",\n \"kernel-debug-3.10.0-229.49.1.138\",\n \"kernel-debuginfo-3.10.0-229.49.1.138\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.138\",\n \"kernel-devel-3.10.0-229.49.1.138\",\n \"kernel-headers-3.10.0-229.49.1.138\",\n \"kernel-tools-3.10.0-229.49.1.138\",\n \"kernel-tools-libs-3.10.0-229.49.1.138\",\n \"perf-3.10.0-229.49.1.138\",\n \"python-perf-3.10.0-229.49.1.138\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:36:13", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioctl() functions for upper limits. A local user can take advantage of this flaw to cause a denial of service.\n\n - CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code.\n\n - CVE-2017-7533 Fan Wu and Shixiong Zhao discovered a race condition between inotify events and VFS rename operations allowing an unprivileged local attacker to cause a denial of service or escalate privileges.\n\n - CVE-2017-7541 A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN driver could allow a local user to cause kernel memory corruption, leading to a denial of service or potentially privilege escalation.\n\n - CVE-2017-7542 An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service.\n\n - CVE-2017-9605 Murray McAllister discovered that the DRM driver for VMware virtual GPUs does not properly initialize memory, potentially allowing a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.\n\n - CVE-2017-10810 Li Qiang discovered a memory leak flaw within the VirtIO GPU driver resulting in denial of service (memory consumption).\n\n - CVE-2017-10911 / XSA-216 Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests.\n\n - CVE-2017-11176 It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a user-space close of a Netlink socket to cause a denial of service or potentially cause other impact.\n\n - CVE-2017-1000365 It was discovered that argument and environment pointers are not taken properly into account to the imposed size restrictions on arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.", "cvss3": {}, "published": "2017-08-07T00:00:00", "type": "nessus", "title": "Debian DSA-3927-1 : linux - security update (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000365", "CVE-2017-10810", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-7346", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-9605"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3927.NASL", "href": "https://www.tenable.com/plugins/nessus/102211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3927. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102211);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000365\", \"CVE-2017-10810\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-7346\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-9605\");\n script_xref(name:\"DSA\", value:\"3927\");\n\n script_name(english:\"Debian DSA-3927-1 : linux - security update (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2017-7346\n Li Qiang discovered that the DRM driver for VMware\n virtual GPUs does not properly check user-controlled\n values in the vmw_surface_define_ioctl() functions for\n upper limits. A local user can take advantage of this\n flaw to cause a denial of service.\n\n - CVE-2017-7482\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling\n code does not properly verify metadata, leading to\n information disclosure, denial of service or potentially\n execution of arbitrary code.\n\n - CVE-2017-7533\n Fan Wu and Shixiong Zhao discovered a race condition\n between inotify events and VFS rename operations\n allowing an unprivileged local attacker to cause a\n denial of service or escalate privileges.\n\n - CVE-2017-7541\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe\n SoftMAC WLAN driver could allow a local user to cause\n kernel memory corruption, leading to a denial of service\n or potentially privilege escalation.\n\n - CVE-2017-7542\n An integer overflow vulnerability in the\n ip6_find_1stfragopt() function was found allowing a\n local attacker with privileges to open raw sockets to\n cause a denial of service.\n\n - CVE-2017-9605\n Murray McAllister discovered that the DRM driver for\n VMware virtual GPUs does not properly initialize memory,\n potentially allowing a local attacker to obtain\n sensitive information from uninitialized kernel memory\n via a crafted ioctl call.\n\n - CVE-2017-10810\n Li Qiang discovered a memory leak flaw within the VirtIO\n GPU driver resulting in denial of service (memory\n consumption).\n\n - CVE-2017-10911 / XSA-216\n Anthony Perard of Citrix discovered an information leak\n flaw in Xen blkif response handling, allowing a\n malicious unprivileged guest to obtain sensitive\n information from the host or other guests.\n\n - CVE-2017-11176\n It was discovered that the mq_notify() function does not\n set the sock pointer to NULL upon entry into the retry\n logic. An attacker can take advantage of this flaw\n during a user-space close of a Netlink socket to cause a\n denial of service or potentially cause other impact.\n\n - CVE-2017-1000365\n It was discovered that argument and environment pointers\n are not taken properly into account to the imposed size\n restrictions on arguments and environmental strings\n passed through RLIMIT_STACK/RLIMIT_INFINITY. A local\n attacker can take advantage of this flaw in conjunction\n with other flaws to execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://xenbits.xen.org/xsa/advisory-216.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3927\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems will be fixed\nin a subsequent DSA.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.30-2+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", referenc
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)
