ID OPENVAS:841176 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2017-12-01T00:00:00
Description
Ubuntu Update for Linux kernel vulnerabilities USN-1597-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1597_1.nasl 7960 2017-12-01 06:58:16Z santu $
#
# Ubuntu Update for linux-ec2 USN-1597-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# NOTE(review): this include sits above the description block, so it is also
# read on the metadata-only pass; presumably it supplies version-comparison
# helpers for the package check further down - confirm.
include("revisions-lib.inc");
# Report text shown to the operator. Each tag_* variable is attached to the
# plugin with script_tag() inside the description block.
# Insight: the advisory wording for the flaw listed under script_cve_id()
# (local, unprivileged user -> kernel panic, i.e. availability impact only).
tag_insight = "A flaw was found in how the Linux kernel passed the replacement session
keyring to a child process. An unprivileged local user could exploit this
flaw to cause a denial of service (panic).";
# One-line summary; it names the advisory (USN-1597-1) rather than the flaw.
tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-1597-1";
# Scope of this check: a single kernel flavour (linux-ec2) on a single release.
tag_affected = "linux-ec2 on Ubuntu 10.04 LTS";
# NOTE(review): the solution text does not name the fixed version; the version
# is only encoded in the isdpkgvuln() call of the check section.
tag_solution = "Please Install the Updated Packages.";
# Metadata registration branch: it only declares the plugin's identity,
# references, scoring and prerequisites, then leaves through exit(0), so none
# of the check logic below runs on this pass.
if(description)
{
# Vendor advisory this check was generated from.
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1597-1/");
# Numeric plugin id (the page lists the same number as OPENVAS:841176).
script_id(841176);
script_version("$Revision: 7960 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2012-10-05 09:45:32 +0530 (Fri, 05 Oct 2012)");
script_cve_id("CVE-2012-2745");
# CVSS v2 base score and vector: local access, medium complexity, no
# authentication, no confidentiality or integrity impact, complete
# availability impact.
script_tag(name:"cvss_base", value:"4.7");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:N/I:N/A:C");
script_xref(name: "USN", value: "1597-1");
script_name("Ubuntu Update for linux-ec2 USN-1597-1");
# Declared as an information-gathering plugin.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
# Prerequisites: gather-package-list.nasl as a dependency, plus two knowledge
# base keys under ssh/login/. Presumably this means the check only produces
# results on scans where an SSH login collected the package list - confirm.
# NOTE(review): the mandatory keys do not constrain the release; the release
# is compared at run time in the check section instead.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
# Attach the report text defined at the top of the file.
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
# qod_type "package": the result rests on a package version comparison, not
# on probing the flaw itself.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
# Check section: compares the installed linux-ec2 kernel image package against
# the fixed version named in the isdpkgvuln() call.
# isdpkgvuln() and __pkg_match are not defined in this file; presumably both
# come from this include - confirm.
include("pkg-lib-deb.inc");
# Release string taken from the knowledge base.
release = get_kb_item("ssh/login/release");
res = "";
# No release information: leave without a result (neither a finding nor the
# exit(99) "not vulnerable" status used further down).
if(release == NULL){
exit(0);
}
# Only Ubuntu 10.04 LTS is handled; on any other release the script falls off
# the end without reporting.
if(release == "UBUNTU10.04 LTS")
{
# A non-NULL return is treated as a finding and its text is reported as is.
# Presumably isdpkgvuln() returns report text when the installed version of
# the named package is older than 2.6.32-349.55 - confirm against the library.
# NOTE(review): the package name embeds the ABI number (2.6.32-349-ec2), so a
# host that only carries an older linux-image-2.6.32-<abi>-ec2 package may not
# match this name at all - verify how such hosts are reported.
# NOTE(review): this looks at installed packages only; nothing here inspects
# the running kernel, so a host that installed the update but has not booted
# into it would presumably not be flagged - confirm and cover separately.
if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-349-ec2", ver:"2.6.32-349.55", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
# No finding: exit(99) when __pkg_match is set (presumably the package was
# found at a fixed version - confirm), otherwise exit(0) with no result.
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:841176", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for linux-ec2 USN-1597-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1597-1", "published": "2012-10-05T00:00:00", "modified": "2017-12-01T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841176", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-1597-1/", "1597-1"], "cvelist": ["CVE-2012-2745"], "lastseen": "2017-12-04T11:20:30", "viewCount": 2, "enchantments": {"score": {"value": 5.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2012:1064"]}, {"type": "cve", "idList": ["CVE-2012-2745"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-2745"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2012-1064.NASL", "OPENSUSE-2013-176.NASL", "ORACLELINUX_ELSA-2012-1064.NASL", "ORACLELINUX_ELSA-2012-2025.NASL", "ORACLELINUX_ELSA-2012-2026.NASL", "REDHAT-RHSA-2012-1064.NASL", "SL_20120710_KERNEL_ON_SL6_X.NASL", "SUSE_11_KERNEL-121010.NASL", "SUSE_SU-2014-0287-1.NASL", "UBUNTU_USN-1448-1.NASL", "UBUNTU_USN-1452-1.NASL", "UBUNTU_USN-1455-1.NASL", "UBUNTU_USN-1567-1.NASL", "UBUNTU_USN-1574-1.NASL", "UBUNTU_USN-1597-1.NASL", "UBUNTU_USN-1606-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123862", "OPENVAS:1361412562310123866", "OPENVAS:1361412562310123870", "OPENVAS:1361412562310841147", "OPENVAS:1361412562310841150", "OPENVAS:1361412562310841176", "OPENVAS:1361412562310841188", "OPENVAS:1361412562310850414", "OPENVAS:1361412562310870785", "OPENVAS:1361412562310881073", "OPENVAS:841147", "OPENVAS:841150", "OPENVAS:841188", "OPENVAS:850414", "OPENVAS:870785", "OPENVAS:881073"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1064", "ELSA-2012-2025", "ELSA-2012-2026"]}, {"type": "redhat", "idList": ["RHSA-2012:1064"]}, {"type": "securityvulns", 
"idList": ["SECURITYVULNS:DOC:28560", "SECURITYVULNS:VULN:12587"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0396-1"]}, {"type": "ubuntu", "idList": ["USN-1448-1", "USN-1452-1", "USN-1455-1", "USN-1459-1", "USN-1460-1", "USN-1567-1", "USN-1574-1", "USN-1597-1", "USN-1606-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-2745"]}], "rev": 4}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2012:1064"]}, {"type": "cve", "idList": ["CVE-2012-2745"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-2745"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2012-1064.NASL", "UBUNTU_USN-1452-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123862"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1064", "ELSA-2012-2025", "ELSA-2012-2026"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0396-1"]}, {"type": "ubuntu", "idList": ["USN-1597-1"]}]}, "exploitation": null, "vulnersScore": 5.7}, "pluginID": "841176", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1597_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for linux-ec2 USN-1597-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was found in how the Linux kernel passed the replacement session\n keyring to a child process. An unprivileged local user could exploit this\n flaw to cause a denial of service (panic).\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1597-1\";\ntag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1597-1/\");\n script_id(841176);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-05 09:45:32 +0530 (Fri, 05 Oct 2012)\");\n script_cve_id(\"CVE-2012-2745\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1597-1\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1597-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-349-ec2\", ver:\"2.6.32-349.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"ubuntu": [{"lastseen": "2022-01-04T13:02:32", "description": "A flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic).\n", "cvss3": {}, "published": "2012-10-05T00:00:00", "type": "ubuntu", "title": "Linux kernel (EC2) vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2745"], "modified": "2012-10-05T00:00:00", "id": "USN-1597-1", "href": "https://ubuntu.com/security/notices/USN-1597-1", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-04T13:02:24", "description": "A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual \nMachine) subsystem handled MSI (Message Signaled Interrupts). A local \nunprivileged user could exploit this flaw to cause a denial of service or \npotentially elevate privileges. (CVE-2012-2137)\n\nA flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic). 
(CVE-2012-2745)\n", "cvss3": {}, "published": "2012-10-11T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2137", "CVE-2012-2745"], "modified": "2012-10-11T00:00:00", "id": "USN-1606-1", "href": "https://ubuntu.com/security/notices/USN-1606-1", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:05:28", "description": "A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual \ncpu setup. An unprivileged local user could exploit this flaw to crash the \nsystem leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base \ncapabilities) when used to increase the permissions of a process. For \napplication on which fscaps are in use a local attacker can disable address \nspace randomization to make attacking the process with raised privileges \neasier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic). 
(CVE-2012-2745)\n", "cvss3": {}, "published": "2012-05-31T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2123", "CVE-2012-1601", "CVE-2012-2745"], "modified": "2012-05-31T00:00:00", "id": "USN-1460-1", "href": "https://ubuntu.com/security/notices/USN-1460-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:05:39", "description": "A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual \ncpu setup. An unprivileged local user could exploit this flaw to crash the \nsystem leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base \ncapabilities) when used to increase the permissions of a process. For \napplication on which fscaps are in use a local attacker can disable address \nspace randomization to make attacking the process with raised privileges \neasier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic). 
(CVE-2012-2745)\n", "cvss3": {}, "published": "2012-05-21T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2123", "CVE-2012-1601", "CVE-2012-2745"], "modified": "2012-05-21T00:00:00", "id": "USN-1448-1", "href": "https://ubuntu.com/security/notices/USN-1448-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:05:36", "description": "A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual \ncpu setup. An unprivileged local user could exploit this flaw to crash the \nsystem leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base \ncapabilities) when used to increase the permissions of a process. For \napplication on which fscaps are in use a local attacker can disable address \nspace randomization to make attacking the process with raised privileges \neasier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic). 
(CVE-2012-2745)\n", "cvss3": {}, "published": "2012-05-25T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2123", "CVE-2012-1601", "CVE-2012-2745"], "modified": "2012-05-25T00:00:00", "id": "USN-1452-1", "href": "https://ubuntu.com/security/notices/USN-1452-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:05:33", "description": "A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual \ncpu setup. An unprivileged local user could exploit this flaw to crash the \nsystem leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base \ncapabilities) when used to increase the permissions of a process. For \napplication on which fscaps are in use a local attacker can disable address \nspace randomization to make attacking the process with raised privileges \neasier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic). 
(CVE-2012-2745)\n", "cvss3": {}, "published": "2012-05-30T00:00:00", "type": "ubuntu", "title": "Linux kernel (Oneiric backport) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2123", "CVE-2012-1601", "CVE-2012-2745"], "modified": "2012-05-30T00:00:00", "id": "USN-1455-1", "href": "https://ubuntu.com/security/notices/USN-1455-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:05:27", "description": "A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual \ncpu setup. An unprivileged local user could exploit this flaw to crash the \nsystem leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base \ncapabilities) when used to increase the permissions of a process. For \napplication on which fscaps are in use a local attacker can disable address \nspace randomization to make attacking the process with raised privileges \neasier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic). 
(CVE-2012-2745)\n", "cvss3": {}, "published": "2012-05-31T00:00:00", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2123", "CVE-2012-1601", "CVE-2012-2745"], "modified": "2012-05-31T00:00:00", "id": "USN-1459-1", "href": "https://ubuntu.com/security/notices/USN-1459-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:02:58", "description": "A flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic). (CVE-2012-2745)\n\nBen Hutchings reported a flaw in the Linux kernel with some network drivers \nthat support TSO (TCP segment offload). A local or peer user could exploit \nthis flaw to to cause a denial of service. (CVE-2012-3412)\n\nJay Fenlason and Doug Ledford discovered a bug in the Linux kernel \nimplementation of RDS sockets. A local unprivileged user could potentially \nuse this flaw to read privileged information from the kernel. \n(CVE-2012-3430)\n\nA flaw was discovered in the madvise feature of the Linux kernel's memory \nsubsystem. An unprivileged local use could exploit the flaw to cause a \ndenial of service (crash the system). 
(CVE-2012-3511)\n", "cvss3": {}, "published": "2012-09-14T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3412", "CVE-2012-2745", "CVE-2012-3430", "CVE-2012-3511"], "modified": "2012-09-14T00:00:00", "id": "USN-1567-1", "href": "https://ubuntu.com/security/notices/USN-1567-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-04T13:02:54", "description": "A flaw was found in how the Linux kernel passed the replacement session \nkeyring to a child process. An unprivileged local user could exploit this \nflaw to cause a denial of service (panic). (CVE-2012-2745)\n\nBen Hutchings reported a flaw in the Linux kernel with some network drivers \nthat support TSO (TCP segment offload). A local or peer user could exploit \nthis flaw to to cause a denial of service. (CVE-2012-3412)\n\nJay Fenlason and Doug Ledford discovered a bug in the Linux kernel \nimplementation of RDS sockets. A local unprivileged user could potentially \nuse this flaw to read privileged information from the kernel. \n(CVE-2012-3430)\n\nA flaw was discovered in the madvise feature of the Linux kernel's memory \nsubsystem. An unprivileged local use could exploit the flaw to cause a \ndenial of service (crash the system). 
(CVE-2012-3511)\n", "cvss3": {}, "published": "2012-09-19T00:00:00", "type": "ubuntu", "title": "Linux kernel (Natty backport) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3412", "CVE-2012-2745", "CVE-2012-3430", "CVE-2012-3511"], "modified": "2012-09-19T00:00:00", "id": "USN-1574-1", "href": "https://ubuntu.com/security/notices/USN-1574-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:23:33", "description": "The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.", "cvss3": {}, "published": "2012-08-09T10:29:00", "type": "cve", "title": "CVE-2012-2745", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2745"], "modified": "2013-04-19T03:22:00", "cpe": ["cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.3.1"], "id": 
"CVE-2012-2745", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2745", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-05-11T23:36:16", "description": "The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.", "cvss3": {}, "published": "2012-08-09T10:29:00", "type": "debiancve", "title": "CVE-2012-2745", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2745"], "modified": "2012-08-09T10:29:00", "id": "DEBIANCVE:CVE-2012-2745", "href": "https://security-tracker.debian.org/tracker/CVE-2012-2745", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:36", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1597-1", "cvss3": {}, "published": "2012-10-05T00:00:00", "type": "openvas", "title": 
"Ubuntu Update for linux-ec2 USN-1597-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841176", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1597_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-1597-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1597-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841176\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-05 09:45:32 +0530 (Fri, 05 Oct 2012)\");\n script_cve_id(\"CVE-2012-2745\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1597-1\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1597-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1597-1\");\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A flaw was found in how the Linux kernel passed the replacement session\n keyring to a child process. 
An unprivileged local user could exploit this\n flaw to cause a denial of service (panic).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-349-ec2\", ver:\"2.6.32-349.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:06", "description": "Oracle Linux Local Security Checks ELSA-2012-1064", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1064", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745", "CVE-2012-2744"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123870", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1064.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123870\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:39 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1064\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1064 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1064\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1064.html\");\n script_cve_id(\"CVE-2012-2744\", \"CVE-2012-2745\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", 
rpm:\"kernel~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~279.1.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:20:48", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1606-1", "cvss3": {}, "published": "2012-10-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1606-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2137", "CVE-2012-2745"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841188", "href": "http://plugins.openvas.org/nasl.php?oid=841188", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1606_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for linux USN-1606-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual\n Machine) subsystem handled MSI (Message Signaled Interrupts). A local\n unprivileged user could exploit this flaw to cause a denial of service or\n potentially elevate privileges. (CVE-2012-2137)\n\n A flaw was found in how the Linux kernel passed the replacement session\n keyring to a child process. An unprivileged local user could exploit this\n flaw to cause a denial of service (panic). 
(CVE-2012-2745)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1606-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1606-1/\");\n script_id(841188);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-12 09:20:41 +0530 (Fri, 12 Oct 2012)\");\n script_cve_id(\"CVE-2012-2137\", \"CVE-2012-2745\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1606-1\");\n script_name(\"Ubuntu Update for linux USN-1606-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-386\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-generic\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-generic-pae\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-ia64\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-lpia\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-powerpc\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-powerpc-smp\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-powerpc64-smp\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-preempt\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-server\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-sparc64\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-sparc64-smp\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-versatile\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.32-44-virtual\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:56:19", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2012:1064 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745", "CVE-2012-2744"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:881073", "href": "http://plugins.openvas.org/nasl.php?oid=881073", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2012:1064 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()\n function in the Linux kernel's netfilter IPv6 connection tracking\n implementation. A remote attacker could use this flaw to send\n specially-crafted packets to a target system that is using IPv6 and also\n has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.\n (CVE-2012-2744, Important)\n \n * A flaw was found in the way the Linux kernel's key management facility\n handled replacement session keyrings on process forks. A local,\n unprivileged user could use this flaw to cause a denial of service.\n (CVE-2012-2745, Moderate)\n \n Red Hat would like to thank an anonymous contributor working with the\n Beyond Security SecuriTeam Secure Disclosure program for reporting\n CVE-2012-2744.\n \n This update also fixes the following bugs:\n \n * Previously introduced firmware files required for new Realtek chipsets\n contained an invalid prefix ("rtl_nic_") in the file names, for example\n "/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw". This update corrects these\n file names. For example, the aforementioned file is now correctly named\n "/lib/firmware/rtl_nic/rtl8168d-1.fw". (BZ#832359)\n \n * This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk\n device. This is due to data corruption occurring on the said device when\n the Ultra-DMA 66 transfer mode is used. 
When the\n "libata.force=5:pio0,6:pio0" kernel parameter is set, the aforementioned\n device works as expected. (BZ#832363)\n \n * On Red Hat Enterprise Linux 6, mounting an NFS export from a server\n running Windows Server 2012 Release Candidate returned the\n NFS4ERR_MINOR_VERS_MISMATCH error because Windows Server 2012 Release\n Candidate supports NFSv4.1 only. Red Hat Enterprise Linux 6 did not\n properly handle the returned error and did not fall back to using NFSv3,\n which caused the mount operation to fail. With this update, when the\n NFS4ERR_MINOR_VERS_MISMATCH error is returned, the mount operation properly\n falls back to using NFSv3 and no longer fails. (BZ#832365)\n \n * On ext4 file systems, when fallocate() failed to allocate blocks due to\n the ENOSPC condition (no space left on device) for a file larger than 4 GB,\n the size of the file became corrupted and, consequently, caused file system\n corruption. This was due to a missing cast operator in the\n "ext4_fallocate()" function. With this update, the underlying source code\n has b ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018731.html\");\n script_id(881073);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:01:16 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-2744\", \"CVE-2012-2745\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1064\");\n script_name(\"CentOS Update for kernel CESA-2012:1064 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:21", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2012:1064 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745", "CVE-2012-2744"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881073", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2012:1064 centos6\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-July/018731.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881073\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:01:16 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-2744\", \"CVE-2012-2745\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1064\");\n script_name(\"CentOS Update for kernel CESA-2012:1064 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()\n function in the Linux kernel's netfilter IPv6 connection tracking\n implementation. A remote attacker could use this flaw to send\n specially-crafted packets to a target system that is using IPv6 and also\n has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.\n (CVE-2012-2744, Important)\n\n * A flaw was found in the way the Linux kernel's key management facility\n handled replacement session keyrings on process forks. A local,\n unprivileged user could use this flaw to cause a denial of service.\n (CVE-2012-2745, Moderate)\n\n Red Hat would like to thank an anonymous contributor working with the\n Beyond Security SecuriTeam Secure Disclosure program for reporting\n CVE-2012-2744.\n\n This update also fixes the following bugs:\n\n * Previously introduced firmware files required for new Realtek chipsets\n contained an invalid prefix ('rtl_nic_') in the file names, for example\n '/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw'. This update corrects these\n file names. For example, the aforementioned file is now correctly named\n '/lib/firmware/rtl_nic/rtl8168d-1.fw'. (BZ#832359)\n\n * This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk\n device. This is due to data corruption occurring on the said device when\n the Ultra-DMA 66 transfer mode is used. When the\n 'libata.force=5:pio0, 6:pio0' kernel parameter is set, the aforementioned\n device works as expected. 
(BZ#832363)\n\n * On Red Hat Enterprise Linux 6, mounting an NFS export from a server\n running Windows Server 2012 Release Candidate returned the\n NFS4ERR_MINOR_VERS_MISMATCH error because Windows Server 2012 Release\n Candidate supports NFSv4.1 only. Red Hat Enterprise Linux 6 did not\n properly handle the returned error and did not fall back to using NFSv3,\n which caused the mount operation to fail. With this update, when the\n NFS4ERR_MINOR_VERS_MISMATCH error is returned, the mount operation properly\n falls back to using NFSv3 and no longer fails. (BZ#832365)\n\n * On ext4 file systems, when fallocate() failed to allocate blocks due to\n the ENOSPC condition (no space left on device) for a file larger than 4 GB,\n the size of the file became corrupted and, consequently, caused file system\n corruption. This was due to a missing cast operator in the\n 'ext4_fallocate()' function. With this update, the underlying source code\n has b ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~279.1.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:33", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-07-16T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2012:1064-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745", "CVE-2012-2744"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2012:1064-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00009.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870785\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-16 11:52:16 +0530 (Mon, 16 Jul 2012)\");\n script_cve_id(\"CVE-2012-2744\", \"CVE-2012-2745\");\n script_xref(name:\"RHSA\", value:\"2012:1064-01\");\n script_name(\"RedHat Update for kernel RHSA-2012:1064-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()\n function in the Linux kernel's netfilter IPv6 connection tracking\n implementation. A remote attacker could use this flaw to send\n specially-crafted packets to a target system that is using IPv6 and also\n has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.\n (CVE-2012-2744, Important)\n\n * A flaw was found in the way the Linux kernel's key management facility\n handled replacement session keyrings on process forks. A local,\n unprivileged user could use this flaw to cause a denial of service.\n (CVE-2012-2745, Moderate)\n\n Red Hat would like to thank an anonymous contributor working with the\n Beyond Security SecuriTeam Secure Disclosure program for reporting\n CVE-2012-2744.\n\n This update also fixes the following bugs:\n\n * Previously introduced firmware files required for new Realtek chipsets\n contained an invalid prefix ('rtl_nic_') in the file names, for example\n '/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw'. This update corrects these\n file names. For example, the aforementioned file is now correctly named\n '/lib/firmware/rtl_nic/rtl8168d-1.fw'. (BZ#832359)\n\n * This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk\n device. This is due to data corruption occurring on the said device when\n the Ultra-DMA 66 transfer mode is used. When the\n 'libata.force=5:pio0, 6:pio0' kernel parameter is set, the aforementioned\n device works as expected. 
(BZ#832363)\n\n * On Red Hat Enterprise Linux 6, mounting an NFS export from a server\n running Windows Server 2012 Release Candidate returned the\n NFS4ERR_MINOR_VERS_MISMATCH error because Windows Server 2012 Release\n Candidate supports NFSv4.1 only. Red Hat Enterprise Linux 6 did not\n properly handle the returned error and did not fall back to using NFSv3,\n which caused the mount operation to fail. With this update, when the\n NFS4ERR_MINOR_VERS_MISMATCH error is returned, the mount operation properly\n falls back to using NFSv3 and no longer fails. (BZ#832365)\n\n * On ext4 file systems, when fallocate() failed to allocate blocks due to\n the ENOSPC condition (no space left on device) for a file larger than 4 GB,\n the size of the file became corrupted and, consequently, caused file system\n corruption. This was due to a mi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", 
rpm:\"kernel-debuginfo~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-11T11:07:49", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-16T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2012:1064-01", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745", "CVE-2012-2744"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:870785", "href": "http://plugins.openvas.org/nasl.php?oid=870785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2012:1064-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()\n function in the Linux kernel's netfilter IPv6 connection tracking\n implementation. A remote attacker could use this flaw to send\n specially-crafted packets to a target system that is using IPv6 and also\n has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.\n (CVE-2012-2744, Important)\n\n * A flaw was found in the way the Linux kernel's key management facility\n handled replacement session keyrings on process forks. 
A local,\n unprivileged user could use this flaw to cause a denial of service.\n (CVE-2012-2745, Moderate)\n\n Red Hat would like to thank an anonymous contributor working with the\n Beyond Security SecuriTeam Secure Disclosure program for reporting\n CVE-2012-2744.\n\n This update also fixes the following bugs:\n\n * Previously introduced firmware files required for new Realtek chipsets\n contained an invalid prefix ("rtl_nic_") in the file names, for example\n "/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw". This update corrects these\n file names. For example, the aforementioned file is now correctly named\n "/lib/firmware/rtl_nic/rtl8168d-1.fw". (BZ#832359)\n\n * This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk\n device. This is due to data corruption occurring on the said device when\n the Ultra-DMA 66 transfer mode is used. When the\n "libata.force=5:pio0,6:pio0" kernel parameter is set, the aforementioned\n device works as expected. (BZ#832363)\n\n * On Red Hat Enterprise Linux 6, mounting an NFS export from a server\n running Windows Server 2012 Release Candidate returned the\n NFS4ERR_MINOR_VERS_MISMATCH error because Windows Server 2012 Release\n Candidate supports NFSv4.1 only. Red Hat Enterprise Linux 6 did not\n properly handle the returned error and did not fall back to using NFSv3,\n which caused the mount operation to fail. With this update, when the\n NFS4ERR_MINOR_VERS_MISMATCH error is returned, the mount operation properly\n falls back to using NFSv3 and no longer fails. (BZ#832365)\n\n * On ext4 file systems, when fallocate() failed to allocate blocks due to\n the ENOSPC condition (no space left on device) for a file larger than 4 GB,\n the size of the file became corrupted and, consequently, caused file system\n corruption. This was due to a mi ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 
6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00009.html\");\n script_id(870785);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-16 11:52:16 +0530 (Mon, 16 Jul 2012)\");\n script_cve_id(\"CVE-2012-2744\", \"CVE-2012-2745\");\n script_xref(name: \"RHSA\", value: \"2012:1064-01\");\n script_name(\"RedHat Update for kernel RHSA-2012:1064-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", 
rpm:\"kernel-debuginfo-common-x86_64~2.6.32~279.1.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:06", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1606-1", "cvss3": {}, "published": "2012-10-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1606-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2137", "CVE-2012-2745"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841188", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841188", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1606_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1606-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1606-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841188\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-12 09:20:41 +0530 (Fri, 12 Oct 2012)\");\n script_cve_id(\"CVE-2012-2137\", \"CVE-2012-2745\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1606-1\");\n script_name(\"Ubuntu Update for linux USN-1606-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1606-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual\n Machine) subsystem handled MSI (Message Signaled Interrupts). A local\n unprivileged user could exploit this flaw to cause a denial of service or\n potentially elevate privileges. 
(CVE-2012-2137)\n\n A flaw was found in how the Linux kernel passed the replacement session\n keyring to a child process. An unprivileged local user could exploit this\n flaw to cause a denial of service (panic). (CVE-2012-2745)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-386\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-generic\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-generic-pae\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-ia64\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-lpia\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-powerpc\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-powerpc-smp\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-powerpc64-smp\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-preempt\", 
ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-server\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-sparc64\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-sparc64-smp\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-versatile\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-44-virtual\", ver:\"2.6.32-44.98\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:35", "description": "Oracle Linux Local Security Checks ELSA-2012-2026", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-2026", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1083", "CVE-2012-2745", "CVE-2012-3375"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123862", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123862", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-2026.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123862\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:33 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-2026\");\n script_tag(name:\"insight\", value:\"ELSA-2012-2026 - Unbreakable Enterprise kernel Security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-2026\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-2026.html\");\n script_cve_id(\"CVE-2011-1083\", \"CVE-2012-2745\", \"CVE-2012-3375\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~300.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~300.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~300.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~300.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~300.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~300.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~300.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~300.29.2.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~300.29.2.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.29.2.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.29.2.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~300.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~300.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~300.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~300.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~300.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n 
}\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~300.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~300.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~300.29.2.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~300.29.2.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.29.2.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~300.29.2.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:57", "description": "Oracle Linux Local Security Checks ELSA-2012-2025", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-2025", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1083", "CVE-2012-2745", "CVE-2012-3375"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123866", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123866", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-2025.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123866\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:36 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-2025\");\n script_tag(name:\"insight\", value:\"ELSA-2012-2025 - Unbreakable Enterprise kernel Security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-2025\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-2025.html\");\n script_cve_id(\"CVE-2012-3375\", \"CVE-2011-1083\", \"CVE-2012-2745\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~200.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~200.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~200.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~200.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~200.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~200.29.2.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~200.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~200.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~200.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~200.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~200.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~200.29.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-07T15:16:18", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1567-1", "cvss3": {}, "published": "2012-09-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1567-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3511", "CVE-2012-2745", "CVE-2012-3412", "CVE-2012-3430"], "modified": "2019-08-06T00:00:00", "id": "OPENVAS:1361412562310841147", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841147", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-1567-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1567-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841147\");\n script_version(\"2019-08-06T11:17:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 11:17:21 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-09-17 16:55:00 +0530 (Mon, 17 Sep 2012)\");\n script_cve_id(\"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1567-1\");\n script_name(\"Ubuntu Update for linux USN-1567-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1567-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A flaw was found in how the Linux kernel passed the replacement session\n keyring to a child process. An unprivileged local user could exploit this\n flaw to cause a denial of service (panic). (CVE-2012-2745)\n\n Ben Hutchings reported a flaw in the Linux kernel with some network drivers\n that support TSO (TCP segment offload). A local or peer user could exploit\n this flaw to cause a denial of service. (CVE-2012-3412)\n\n Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel\n implementation of RDS sockets. A local unprivileged user could potentially\n use this flaw to read privileged information from the kernel.\n (CVE-2012-3430)\n\n A flaw was discovered in the madvise feature of the Linux kernel's memory\n subsystem. An unprivileged local user could exploit the flaw to cause a\n denial of service (crash the system). 
(CVE-2012-3511)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-generic\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-generic-pae\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-omap\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-powerpc\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-powerpc-smp\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-powerpc64-smp\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-server\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-versatile\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-virtual\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:19:54", 
"description": "Ubuntu Update for Linux kernel vulnerabilities USN-1567-1", "cvss3": {}, "published": "2012-09-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1567-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3511", "CVE-2012-2745", "CVE-2012-3412", "CVE-2012-3430"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841147", "href": "http://plugins.openvas.org/nasl.php?oid=841147", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1567_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for linux USN-1567-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was found in how the Linux kernel passed the replacement session\n keyring to a child process. An unprivileged local user could exploit this\n flaw to cause a denial of service (panic). (CVE-2012-2745)\n\n Ben Hutchings reported a flaw in the Linux kernel with some network drivers\n that support TSO (TCP segment offload). 
A local or peer user could exploit\n this flaw to to cause a denial of service. (CVE-2012-3412)\n \n Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel\n implementation of RDS sockets. A local unprivileged user could potentially\n use this flaw to read privileged information from the kernel.\n (CVE-2012-3430)\n \n A flaw was discovered in the madvise feature of the Linux kernel's memory\n subsystem. An unprivileged local use could exploit the flaw to cause a\n denial of service (crash the system). (CVE-2012-3511)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1567-1\";\ntag_affected = \"linux on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1567-1/\");\n script_id(841147);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-17 16:55:00 +0530 (Mon, 17 Sep 2012)\");\n script_cve_id(\"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1567-1\");\n script_name(\"Ubuntu Update for linux USN-1567-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-generic\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-generic-pae\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-omap\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-powerpc\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-powerpc-smp\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-powerpc64-smp\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-server\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-versatile\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-virtual\", ver:\"2.6.38-16.67\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-08-07T15:16:24", "description": "Ubuntu Update for Linux kernel 
vulnerabilities USN-1574-1", "cvss3": {}, "published": "2012-09-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1574-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3511", "CVE-2012-2745", "CVE-2012-3412", "CVE-2012-3430"], "modified": "2019-08-06T00:00:00", "id": "OPENVAS:1361412562310841150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1574-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1574-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841150\");\n script_version(\"2019-08-06T11:17:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 11:17:21 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-09-22 11:59:18 +0530 (Sat, 22 Sep 2012)\");\n script_cve_id(\"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1574-1\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1574-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1574-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-natty on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A flaw was found in how the Linux kernel passed the replacement session\n keyring to a child process. An unprivileged local user could exploit this\n flaw to cause a denial of service (panic). 
(CVE-2012-2745)\n\n Ben Hutchings reported a flaw in the Linux kernel with some network drivers\n that support TSO (TCP segment offload). A local or peer user could exploit\n this flaw to cause a denial of service. (CVE-2012-3412)\n\n Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel\n implementation of RDS sockets. A local unprivileged user could potentially\n use this flaw to read privileged information from the kernel.\n (CVE-2012-3430)\n\n A flaw was discovered in the madvise feature of the Linux kernel's memory\n subsystem. An unprivileged local use could exploit the flaw to cause a\n denial of service (crash the system). (CVE-2012-3511)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-generic\", ver:\"2.6.38-16.67~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-generic-pae\", ver:\"2.6.38-16.67~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-server\", ver:\"2.6.38-16.67~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-virtual\", ver:\"2.6.38-16.67~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:20:36", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1574-1", "cvss3": {}, "published": "2012-09-22T00:00:00", "type": "openvas", 
"title": "Ubuntu Update for linux-lts-backport-natty USN-1574-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3511", "CVE-2012-2745", "CVE-2012-3412", "CVE-2012-3430"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841150", "href": "http://plugins.openvas.org/nasl.php?oid=841150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1574_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1574-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was found in how the Linux kernel passed the replacement session\n keyring to a child process. An unprivileged local user could exploit this\n flaw to cause a denial of service (panic). (CVE-2012-2745)\n\n Ben Hutchings reported a flaw in the Linux kernel with some network drivers\n that support TSO (TCP segment offload). A local or peer user could exploit\n this flaw to to cause a denial of service. 
(CVE-2012-3412)\n \n Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel\n implementation of RDS sockets. A local unprivileged user could potentially\n use this flaw to read privileged information from the kernel.\n (CVE-2012-3430)\n \n A flaw was discovered in the madvise feature of the Linux kernel's memory\n subsystem. An unprivileged local use could exploit the flaw to cause a\n denial of service (crash the system). (CVE-2012-3511)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1574-1\";\ntag_affected = \"linux-lts-backport-natty on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1574-1/\");\n script_id(841150);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-22 11:59:18 +0530 (Sat, 22 Sep 2012)\");\n script_cve_id(\"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1574-1\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1574-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-generic\", ver:\"2.6.38-16.67~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-generic-pae\", ver:\"2.6.38-16.67~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-server\", ver:\"2.6.38-16.67~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-16-virtual\", ver:\"2.6.38-16.67~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:40:09", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-03-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2013:0396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0871", "CVE-2012-4508", "CVE-2013-0268", "CVE-2013-0160", "CVE-2012-0957", "CVE-2012-2745", "CVE-2013-0231", "CVE-2012-3412", "CVE-2012-4530", "CVE-2013-0216", "CVE-2012-3400", "CVE-2012-3375", "CVE-2013-0309", "CVE-2012-5374"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850414", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: 
GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2013-03/msg00005.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.850414\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:39 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-0957\", \"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-4530\",\n \"CVE-2013-0160\", \"CVE-2013-0216\", \"CVE-2013-0231\", \"CVE-2013-0268\",\n \"CVE-2013-0309\", \"CVE-2013-0871\", \"CVE-2012-5374\", \"CVE-2012-4508\",\n \"CVE-2012-3375\", \"CVE-2012-3400\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:0396-1\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2013:0396-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE 
Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.1\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 12.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"The Linux kernel was updated to fix various bugs and\n security issues:\n\n CVE-2013-0871: Race condition in the ptrace functionality\n in the Linux kernel allowed local users to gain privileges\n via a PTRACE_SETREGS ptrace system call in a crafted\n application, as demonstrated by ptrace_death.\n\n CVE-2013-0160: Avoid a side channel attack on /dev/ptmx\n (keyboard input timing).\n\n CVE-2012-5374: Fixed a local denial of service in the BTRFS\n hashing code.\n\n CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux\n kernel, when transparent huge pages are used, does not\n properly support PROT_NONE memory regions, which allows\n local users to cause a denial of service (system crash) via\n a crafted application.\n\n CVE-2013-0268: The msr_open function in\n arch/x86/kernel/msr.c in the Linux kernel allowed local\n users to bypass intended capability restrictions by\n executing a crafted application as root, as demonstrated by\n msr32.c.\n\n CVE-2012-0957: The override_release function in\n kernel/sys.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel stack memory via a\n uname system call in conjunction with a UNAME26 personality.\n\n CVE-2013-0216: The Xen netback functionality in the Linux\n kernel allowed guest OS users to cause a denial of service\n (loop) by triggering ring pointer corruption.\n\n CVE-2013-0231: The pciback_enable_msi function in the PCI\n backend driver\n (drivers/xen/pciback/conf_space_capability_msi.c) in Xen\n for the Linux kernel allowed guest OS users with PCI device\n access to cause a denial of service via a large 
number of\n kernel log messages. NOTE: some of these details are\n obtained from third party information.\n\n CVE-2012-4530: The load_script function in\n fs/binfmt_script.c in the Linux kernel did not properly\n handle recursion, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application.\n\n CVE-2012-4508: Race condition in fs/ext4/extents.c in the\n Linux kernel allowed local users to obtain sensitive\n information from a deleted file by reading an extent that\n was not properly marked as uninitialized.\n\n CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver\n in the Linux kernel allowed remote attackers to cause a\n denial of service (DMA descriptor consumption and\n network-controller outage) via crafted TCP packets that\n trigger a small MSS value.\n\n CVE-2012-2745: The copy_creds function in kernel/cred.c in\n the Linux kernel provided an invalid replacement session\n keyring to a child process, which allowed local users to\n cause a denial of service ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report 
+= res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.1.10~1.19.1\", 
rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", rpm:\"kernel-ec2-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-extra\", 
rpm:\"kernel-ec2-extra~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-extra-debuginfo\", rpm:\"kernel-ec2-extra-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", 
rpm:\"kernel-vanilla-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.1.10~1.19.2\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.1.10~1.19.1\", 
rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-12T11:14:25", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2013-03-11T00:00:00", "type": "openvas", "title": "SuSE Update for kernel openSUSE-SU-2013:0396-1 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0871", "CVE-2012-4508", "CVE-2013-0268", "CVE-2013-0160", "CVE-2012-0957", "CVE-2012-2745", "CVE-2013-0231", "CVE-2012-3412", "CVE-2012-4530", "CVE-2013-0216", "CVE-2012-3400", "CVE-2012-3375", "CVE-2013-0309", "CVE-2012-5374"], "modified": "2017-12-08T00:00:00", 
"id": "OPENVAS:850414", "href": "http://plugins.openvas.org/nasl.php?oid=850414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_0396_1.nasl 8045 2017-12-08 08:39:37Z santu $\n#\n# SuSE Update for kernel openSUSE-SU-2013:0396-1 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Linux kernel was updated to fix various bugs and\n security issues:\n\n CVE-2013-0871: Race condition in the ptrace functionality\n in the Linux kernel allowed local users to gain privileges\n via a PTRACE_SETREGS ptrace system call in a crafted\n application, as demonstrated by ptrace_death.\n\n CVE-2013-0160: Avoid a side channel attack on /dev/ptmx\n (keyboard input timing).\n\n CVE-2012-5374: Fixed a local denial of service in the BTRFS\n hashing code.\n\n CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux\n kernel, when transparent huge pages are used, does not\n properly support PROT_NONE memory regions, which allows\n local users to cause a denial of service (system crash) via\n a crafted 
application.\n\n CVE-2013-0268: The msr_open function in\n arch/x86/kernel/msr.c in the Linux kernel allowed local\n users to bypass intended capability restrictions by\n executing a crafted application as root, as demonstrated by\n msr32.c.\n\n CVE-2012-0957: The override_release function in\n kernel/sys.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel stack memory via a\n uname system call in conjunction with a UNAME26 personality.\n\n CVE-2013-0216: The Xen netback functionality in the Linux\n kernel allowed guest OS users to cause a denial of service\n (loop) by triggering ring pointer corruption.\n\n CVE-2013-0231: The pciback_enable_msi function in the PCI\n backend driver\n (drivers/xen/pciback/conf_space_capability_msi.c) in Xen\n for the Linux kernel allowed guest OS users with PCI device\n access to cause a denial of service via a large number of\n kernel log messages. NOTE: some of these details are\n obtained from third party information.\n\n CVE-2012-4530: The load_script function in\n fs/binfmt_script.c in the Linux kernel did not properly\n handle recursion, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application.\n\n CVE-2012-4508: Race condition in fs/ext4/extents.c in the\n Linux kernel allowed local users to obtain sensitive\n information from a deleted file by reading an extent that\n was not properly marked as uninitialized.\n\n CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver\n in the Linux kernel allowed remote attackers to cause a\n denial of service (DMA descriptor consumption and\n network-controller outage) via crafted TCP packets that\n trigger a small MSS value.\n\n CVE-2012-2745: The copy_creds function in kernel/cred.c in\n the Linux kernel provided an invalid replacement session\n keyring to a child process, which allowed local users to\n cause a denial of service ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"kernel on openSUSE 12.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00005.html\");\n script_id(850414);\n script_version(\"$Revision: 8045 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:39:37 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:39 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-0957\", \"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-4530\",\n \"CVE-2013-0160\", \"CVE-2013-0216\", \"CVE-2013-0231\", \"CVE-2013-0268\",\n \"CVE-2013-0309\", \"CVE-2013-0871\", \"CVE-2012-5374\", \"CVE-2012-4508\",\n \"CVE-2012-3375\", \"CVE-2012-3400\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:0396_1\");\n script_name(\"SuSE Update for kernel openSUSE-SU-2013:0396-1 (kernel)\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", 
rpm:\"kernel-debug~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", rpm:\"kernel-ec2-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra-debuginfo\", rpm:\"kernel-ec2-extra-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.1.10~1.19.2\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~3.1.10~1.19.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T12:56:53", "description": "A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerability (USN-1597-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1597-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62437", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1597-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62437);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-2745\");\n script_bugtraq_id(54365);\n script_xref(name:\"USN\", value:\"1597-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerability (USN-1597-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in how the Linux kernel passed the replacement\nsession keyring to a child process. An unprivileged local user could\nexploit this flaw to cause a denial of service (panic).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1597-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-2745\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1597-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-349-ec2\", pkgver:\"2.6.32-349.55\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:56:06", "description": "The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.42 which fixes various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - A denial of service in key management was fixed. (This was fixed in 3.0.28 already, but is listed here.) 
Some more security and bug fixes might already be part of the 3.0.42 stable kernel release which is included here.\n (CVE-2012-2745)\n\nThe following non security issues have been fixed :\n\nBTRFS :\n\n - btrfs: allow setting NOCOW for a zero sized file via ioctl\n\n - btrfs: fix a bug of per-file nocow\n\n - btrfs: fix the missing error information in create_pending_snapshot()\n\n - btrfs: fix off-by-one in file clone\n\n - btrfs: move transaction aborts to the point of failure\n\n - btrfs: fix unnecessary warning when the fragments make the space alloc fail\n\n - btrfs: return EPERM upon rmdir on a subvolume\n\n - btrfs: cleanup for duplicated code in find_free_extent\n\n - btrfs: cleanup fs_info->hashers\n\n - btrfs: use vfree instead of kfree\n\n - btrfs: fix error path in create_pending_snapshot()\n\n - btrfs: fix file extent discount problem in the, snapshot\n\n - btrfs: fix full backref problem when inserting shared block reference\n\n - btrfs: fix wrong size for the reservation of the, snapshot creation\n\n - btrfs: fix error handling in delete_block_group_cache()\n\n - btrfs: polish names of kmem caches\n\n - btrfs: update last trans if we do not update the inode\n\n - btrfs: fix possible corruption when fsyncing written prealloced extents\n\n - btrfs: set journal_info in async trans commit worker\n\n - btrfs: fix a bug in parsing return value in logical resolve\n\n - btrfs: use helper for logical resolve\n\n - btrfs: use larger limit for translation of logical to inode\n\n - btrfs: use a slab for ordered extents allocation\n\n - btrfs: fix unprotected ->log_batch\n\n - btrfs: output more information when aborting a unused transaction handle\n\n - btrfs: fix wrong size for the reservation when doing, file pre-allocation\n\n - btrfs: cleanup for unused ref cache stuff\n\n - btrfs: fix a misplaced address operator in a condition\n\n - btrfs: fix that error value is changed by mistake\n\n - btrfs: fix second lock in btrfs_delete_delayed_items()\n\n - btrfs: 
increase the size of the free space cache\n\n - btrfs: fix enospc problems when deleting a subvol\n\n - btrfs: fix wrong mtime and ctime when creating snapshots\n\n - btrfs: fix race in run_clustered_refs S/390 :\n\n - zfcp: remove invalid reference to list iterator variable. (bnc#779461)\n\n - zfcp: Make trace record tags unique (bnc#780012,LTC#84941).\n\n - zfcp: Do not wakeup while suspended (bnc#780012,LTC#84816).\n\n - zfcp: restore refcount check on port_remove (bnc#780012,LTC#84942).\n\n - zfcp: No automatic port_rescan on events (bnc#780012,LTC#84817).\n\n - dasd: System hang after all channel were lost (bnc#780012,LTC#85025).\n\n - Added patches.arch/s390-54-01-hypfs-missing-files.patch to series.conf. (bnc#769407)\n\n - dasd: set and unset TIMEOUT flag automatically.\n (bnc#768084)\n\n - kernel: incorrect task size after fork of a 31 bit process (bnc#772407,LTC#83674).\n\n - patches.arch/s390-55-03-crst-table-downgrade.patch:\n Deleted due to 31bit compile error. ALSA :\n\n - ALSA: hda - Add mic-mute LED control for HP laptop.\n (bnc#779330)\n\n - ALSA: hda - Add 3stack-automute model to AD1882 codec (bnc#775373). Wireless :\n\n - rt2x00: Remove incorrect led blink. (bnc#774902)\n\n - Revert 'rt2x00: handle spurious pci interrupts'.\n (bnc#774902)\n\n - rt2x00: Mark active channels survey data as 'in use'.\n (bnc#774902)\n\n - rt2x00: Convert big if-statements to switch-statements.\n (bnc#774902)\n\n - rt2800: zero MAC_SYS_CTRL bits during BBP and MAC reset.\n (bnc#774902)\n\n - rt2800lib: fix wrong -128dBm when signal is stronger than -12dBm. (bnc#774902)\n\n - rt2800: document RF_R03 register bits [7:4].\n (bnc#774902)\n\n - rt2x00: Introduce concept of driver data in struct rt2x00_dev. (bnc#774902)\n\n - rt2x00: Use struct rt2x00_dev driver data in rt2800{pci,usb}. (bnc#774902)\n\n - rt2x00: fix a possible NULL pointer dereference.\n (bnc#774902)\n\n - rt2x00:Add VCO recalibration. (bnc#774902)\n\n - rt2x00:Add RT5372 chipset support. 
(bnc#774902)\n\n - rt2x00: Set IEEE80211_HW_REPORTS_TX_ACK_STATUS in rt2800. (bnc#774902)\n\n - rt2800: introduce wpdma_disable function. (bnc#774902)\n\n - rt2800: initialize queues before giving up due to DMA error. (bnc#774902)\n\n - rt2800: zero registers of unused TX rings. (bnc#774902)\n\n - wireless: rt2x00: rt2800pci add more RT539x ids.\n (bnc#774902)\n\n - rt2x00:Add RT5392 chipset support. (bnc#774902)\n\n - patches.fixes/0012-rt2x00-Add-RT5372-chipset-support.pat ch: Fix typo.\n\n - rt2800: Add documentation on MCU requests. (bnc#744198)\n\n - rt2800pci: Fix 'Error - MCU request failed' during initialization. (bnc#744198) Packaging :\n\n - rpm/kernel-binary.spec.in: Temporarily disable icecream builds until miscompilation is resolved. (bnc#763954 / bnc#773831)\n\n - rpm/kernel-binary.spec.in: add Conflicts for older hyper-v hv_kvp_daemon (bnc#770763) the kernel-user interface changed, old binaries will busyloop with newer kernel\n\n - rpm/kernel-binary.spec.in: Do not run debugedit -i, use eu-unstrip to retrieve the build-id instead.\n (bnc#768504)\n\n - rpm/kernel-binary.spec.in: Fix Obsoletes: tag for the SLE11-SP1 realtek-r8192ce_pci-kmp package. Misc\n\n - patches.suse/no-partition-scan: Implement 'no_partition_scan' commandline option (FATE#303697).\n\n - vfs: dcache: use DCACHE_DENTRY_KILLED instead of DCACHE_DISCONNECTED in d_kill(). (bnc#779699)\n\n - igb: convert to ndo_fix_features. (bnc#777269)\n\n - igb: do vlan cleanup. (bnc#777269)\n\n - tcp: flush DMA queue before sk_wait_data if rcv_wnd is zero. (bnc#777024)\n\n - drm: Export drm_probe_ddc(). (bnc#780461)\n\n - drm/dp: Update DPCD defines. (bnc#780461)\n\n - drm/i915/dp: Be smarter about connection sense for branch devices. (bnc#780461)\n\n - drm/i915/dp: Fetch downstream port info if needed during DPCD fetch. (bnc#780461)\n\n - md: fix so that GET_ARRAY_INFO and GET_DISK_INFO fail correctly when array has not 'raid_disks' count yet.\n\n - sched: Fix ancient race in do_exit(). 
(bnc#781018)\n\n - sched: fix divide by zero in thread_group/task_times().\n (bnc#761774)\n\n - sched: fix migration thread runtime bogosity.\n (bnc#773688, bnc#769251)\n\n - megaraid_sas: boot hangs up while LD is offline issue.\n (bnc#698102)\n\n - memcg: warn on deeper hierarchies with use_hierarchy==0.\n (bnc#781134)\n\n - scsi_dh_alua: Retry the check-condition in case Mode Parameters Changed. (bnc#772473)\n\n - scsi: update scsi.h with SYNCHRONIZE_CACHE_16 (FATE#313550,bnc#769195).\n\n - sd: Reshuffle init_sd to avoid crash. (bnc#776787)\n\n - st: remove st_mutex. (bnc#773007)\n\n - cifs: Assume passwords are encoded according to iocharset (try #2). (bnc#731035)\n\n - drm/fb-helper: delay hotplug handling when partially bound. (bnc#778822)\n\n - drm/fb helper: do not call drm_crtc_helper_set_config.\n (bnc#778822)\n\n - patches.drivers/drm-Skip-too-big-EDID-extensions:\n Delete. Fixed in firmware, so no longer needed.\n (bnc#764900)\n\n - drm/i915: Fix backlight control for systems which have bl polarity reversed. (bnc#766156)\n\n - patches.kernel.org/patch-3.0.27-28: Update references.\n (bnc#770695 / CVE-2012-2745)\n\n - xen/x86-64: fix hypercall page unwind info.\n\n - patches.xen/xen3-patch-3.0.40-41: Linux 3.0.41.\n\n - Refresh other Xen patches. (bnc#776019)\n\n - e1000e: clear REQ and GNT in EECD (82571 &&\n 82572). (bnc#762099)\n\n - bonding: add some slack to arp monitoring time limits.\n (bnc#776095)\n\n - patches.arch/x2apic_opt_out.patch: Refresh. (bnc#778082)\n\n - x86, mce: Do not call del_timer_sync() in IRQ context.\n (bnc#776896)\n\n - cpufreq / ACPI: Fix not loading acpi-cpufreq driver regression. (bnc#766654)\n\n - ida: Update references. (bnc#740291)\n\n - audit: do not free_chunk() after fsnotify_add_mark().\n (bnc#762214)\n\n - audit: fix refcounting in audit-tree. 
(bnc#762214)\n\n - mlx4_en: map entire pages to increase throughput.\n\n - usb: Add support for root hub port status CAS.\n (bnc#774289)\n\n - fs,reiserfs: unlock superblock before calling reiserfs_quota_on_mount(). (bnc#772786)\n\n - reiserfs: fix deadlock with nfs racing on create/lookup.\n (bnc#762693)\n\n - NFS: Slow down state manager after an unhandled error.\n (bnc#774973)\n\n - nfs: increase number of permitted callback connections.\n (bnc#771706)\n\n - Freezer / sunrpc / NFS: do not allow TASK_KILLABLE sleeps to block the freezer. (bnc#775182)\n\n - powerpc/pseries: Support lower minimum entitlement for virtual processors. (bnc#775984)\n\n - powerpc: Disable /dev/port interface on systems without an ISA bridge. (bnc#754670)\n\n - ocfs2: Add a missing journal credit in ocfs2_link_credits() -v2. (bnc#773320)\n\n - block: do not artificially constrain max_sectors for stacking drivers. (bnc#774073)\n\n - bnx2x: Clear MDC/MDIO warning message. (bnc#769035)\n\n - bnx2x: Fix BCM57810-KR AN speed transition. (bnc#769035)\n\n - bnx2x: Fix BCM57810-KR FC. (bnc#769035)\n\n - bnx2x: Fix BCM578x0-SFI pre-emphasis settings.\n (bnc#769035)\n\n - bnx2x: Fix link issue for BCM8727 boards. (bnc#769035)\n\n - bnx2x: PFC fix. (bnc#769035)\n\n - bnx2x: fix checksum validation. (bnc#769035)\n\n - bnx2x: fix panic when TX ring is full. (bnc#769035)\n\n - bnx2x: previous driver unload revised. (bnc#769035)\n\n - bnx2x: remove WARN_ON. (bnc#769035)\n\n - bnx2x: update driver version. (bnc#769035)\n\n - xhci: Fix a logical vs bitwise AND bug. (bnc#772427)\n\n - xhci: Switch PPT ports to EHCI on shutdown. (bnc#772427)\n\n - xhci: definitions of register definitions to preserve kABI. (bnc#772427)\n\n - xhci: Introduce a private switchback method to preserve kABI. (bnc#772427)\n\n - config.conf: Drop reference to a s390 vanilla config that does not exist.\n\n - block: eliminate potential for infinite loop in blkdev_issue_discard. 
(bnc#773319)\n\n - Fix cosmetic (but worrisome to users) stop class accounting bug.\n\n - bluetooth: Another vendor specific ID for BCM20702A0 [0a5c:21f1]. (bnc#774612)\n\n - memcg: further prevent OOM with too many dirty pages.\n (bnc#763198)\n\n - patches.fixes/mm-consider-PageReclaim-for-sync-reclaim.p atch: Refresh to match the upstream version.\n\n - tmpfs: optimize clearing when writing (VM Performance).\n\n - tmpfs: distribute interleave better across nodes.\n (bnc#764209)\n\n - patches.fixes/tmpfs-implement-NUMA-node-interleaving.pat ch: dropped in favor of the upstream patch", "cvss3": {"score": null, "vector": null}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6923 / 6926 / 6931)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-trace-extra", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", 
"cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KERNEL-121010.NASL", "href": "https://www.tenable.com/plugins/nessus/64179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64179);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2745\");\n\n script_name(english:\"SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6923 / 6926 / 6931)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.42 which\nfixes various bugs and security issues.\n\nThe following security issues have been fixed :\n\n - A denial of service in key management was fixed. (This\n was fixed in 3.0.28 already, but is listed here.) 
Some\n more security and bug fixes might already be part of the\n 3.0.42 stable kernel release which is included here.\n (CVE-2012-2745)\n\nThe following non security issues have been fixed :\n\nBTRFS :\n\n - btrfs: allow setting NOCOW for a zero sized file via\n ioctl\n\n - btrfs: fix a bug of per-file nocow\n\n - btrfs: fix the missing error information in\n create_pending_snapshot()\n\n - btrfs: fix off-by-one in file clone\n\n - btrfs: move transaction aborts to the point of failure\n\n - btrfs: fix unnecessary warning when the fragments make\n the space alloc fail\n\n - btrfs: return EPERM upon rmdir on a subvolume\n\n - btrfs: cleanup for duplicated code in find_free_extent\n\n - btrfs: cleanup fs_info->hashers\n\n - btrfs: use vfree instead of kfree\n\n - btrfs: fix error path in create_pending_snapshot()\n\n - btrfs: fix file extent discount problem in the, snapshot\n\n - btrfs: fix full backref problem when inserting shared\n block reference\n\n - btrfs: fix wrong size for the reservation of the,\n snapshot creation\n\n - btrfs: fix error handling in delete_block_group_cache()\n\n - btrfs: polish names of kmem caches\n\n - btrfs: update last trans if we do not update the inode\n\n - btrfs: fix possible corruption when fsyncing written\n prealloced extents\n\n - btrfs: set journal_info in async trans commit worker\n\n - btrfs: fix a bug in parsing return value in logical\n resolve\n\n - btrfs: use helper for logical resolve\n\n - btrfs: use larger limit for translation of logical to\n inode\n\n - btrfs: use a slab for ordered extents allocation\n\n - btrfs: fix unprotected ->log_batch\n\n - btrfs: output more information when aborting a unused\n transaction handle\n\n - btrfs: fix wrong size for the reservation when doing,\n file pre-allocation\n\n - btrfs: cleanup for unused ref cache stuff\n\n - btrfs: fix a misplaced address operator in a condition\n\n - btrfs: fix that error value is changed by mistake\n\n - btrfs: fix second lock in 
btrfs_delete_delayed_items()\n\n - btrfs: increase the size of the free space cache\n\n - btrfs: fix enospc problems when deleting a subvol\n\n - btrfs: fix wrong mtime and ctime when creating snapshots\n\n - btrfs: fix race in run_clustered_refs S/390 :\n\n - zfcp: remove invalid reference to list iterator\n variable. (bnc#779461)\n\n - zfcp: Make trace record tags unique\n (bnc#780012,LTC#84941).\n\n - zfcp: Do not wakeup while suspended\n (bnc#780012,LTC#84816).\n\n - zfcp: restore refcount check on port_remove\n (bnc#780012,LTC#84942).\n\n - zfcp: No automatic port_rescan on events\n (bnc#780012,LTC#84817).\n\n - dasd: System hang after all channel were lost\n (bnc#780012,LTC#85025).\n\n - Added patches.arch/s390-54-01-hypfs-missing-files.patch\n to series.conf. (bnc#769407)\n\n - dasd: set and unset TIMEOUT flag automatically.\n (bnc#768084)\n\n - kernel: incorrect task size after fork of a 31 bit\n process (bnc#772407,LTC#83674).\n\n - patches.arch/s390-55-03-crst-table-downgrade.patch:\n Deleted due to 31bit compile error. ALSA :\n\n - ALSA: hda - Add mic-mute LED control for HP laptop.\n (bnc#779330)\n\n - ALSA: hda - Add 3stack-automute model to AD1882 codec\n (bnc#775373). Wireless :\n\n - rt2x00: Remove incorrect led blink. (bnc#774902)\n\n - Revert 'rt2x00: handle spurious pci interrupts'.\n (bnc#774902)\n\n - rt2x00: Mark active channels survey data as 'in use'.\n (bnc#774902)\n\n - rt2x00: Convert big if-statements to switch-statements.\n (bnc#774902)\n\n - rt2800: zero MAC_SYS_CTRL bits during BBP and MAC reset.\n (bnc#774902)\n\n - rt2800lib: fix wrong -128dBm when signal is stronger\n than -12dBm. (bnc#774902)\n\n - rt2800: document RF_R03 register bits [7:4].\n (bnc#774902)\n\n - rt2x00: Introduce concept of driver data in struct\n rt2x00_dev. (bnc#774902)\n\n - rt2x00: Use struct rt2x00_dev driver data in\n rt2800{pci,usb}. (bnc#774902)\n\n - rt2x00: fix a possible NULL pointer dereference.\n (bnc#774902)\n\n - rt2x00:Add VCO recalibration. 
(bnc#774902)\n\n - rt2x00:Add RT5372 chipset support. (bnc#774902)\n\n - rt2x00: Set IEEE80211_HW_REPORTS_TX_ACK_STATUS in\n rt2800. (bnc#774902)\n\n - rt2800: introduce wpdma_disable function. (bnc#774902)\n\n - rt2800: initialize queues before giving up due to DMA\n error. (bnc#774902)\n\n - rt2800: zero registers of unused TX rings. (bnc#774902)\n\n - wireless: rt2x00: rt2800pci add more RT539x ids.\n (bnc#774902)\n\n - rt2x00:Add RT5392 chipset support. (bnc#774902)\n\n -\n patches.fixes/0012-rt2x00-Add-RT5372-chipset-support.pat\n ch: Fix typo.\n\n - rt2800: Add documentation on MCU requests. (bnc#744198)\n\n - rt2800pci: Fix 'Error - MCU request failed' during\n initialization. (bnc#744198) Packaging :\n\n - rpm/kernel-binary.spec.in: Temporarily disable icecream\n builds until miscompilation is resolved. (bnc#763954 /\n bnc#773831)\n\n - rpm/kernel-binary.spec.in: add Conflicts for older\n hyper-v hv_kvp_daemon (bnc#770763) the kernel-user\n interface changed, old binaries will busyloop with newer\n kernel\n\n - rpm/kernel-binary.spec.in: Do not run debugedit -i, use\n eu-unstrip to retrieve the build-id instead.\n (bnc#768504)\n\n - rpm/kernel-binary.spec.in: Fix Obsoletes: tag for the\n SLE11-SP1 realtek-r8192ce_pci-kmp package. Misc\n\n - patches.suse/no-partition-scan: Implement\n 'no_partition_scan' commandline option (FATE#303697).\n\n - vfs: dcache: use DCACHE_DENTRY_KILLED instead of\n DCACHE_DISCONNECTED in d_kill(). (bnc#779699)\n\n - igb: convert to ndo_fix_features. (bnc#777269)\n\n - igb: do vlan cleanup. (bnc#777269)\n\n - tcp: flush DMA queue before sk_wait_data if rcv_wnd is\n zero. (bnc#777024)\n\n - drm: Export drm_probe_ddc(). (bnc#780461)\n\n - drm/dp: Update DPCD defines. (bnc#780461)\n\n - drm/i915/dp: Be smarter about connection sense for\n branch devices. (bnc#780461)\n\n - drm/i915/dp: Fetch downstream port info if needed during\n DPCD fetch. 
(bnc#780461)\n\n - md: fix so that GET_ARRAY_INFO and GET_DISK_INFO fail\n correctly when array has not 'raid_disks' count yet.\n\n - sched: Fix ancient race in do_exit(). (bnc#781018)\n\n - sched: fix divide by zero in thread_group/task_times().\n (bnc#761774)\n\n - sched: fix migration thread runtime bogosity.\n (bnc#773688, bnc#769251)\n\n - megaraid_sas: boot hangs up while LD is offline issue.\n (bnc#698102)\n\n - memcg: warn on deeper hierarchies with use_hierarchy==0.\n (bnc#781134)\n\n - scsi_dh_alua: Retry the check-condition in case Mode\n Parameters Changed. (bnc#772473)\n\n - scsi: update scsi.h with SYNCHRONIZE_CACHE_16\n (FATE#313550,bnc#769195).\n\n - sd: Reshuffle init_sd to avoid crash. (bnc#776787)\n\n - st: remove st_mutex. (bnc#773007)\n\n - cifs: Assume passwords are encoded according to\n iocharset (try #2). (bnc#731035)\n\n - drm/fb-helper: delay hotplug handling when partially\n bound. (bnc#778822)\n\n - drm/fb helper: do not call drm_crtc_helper_set_config.\n (bnc#778822)\n\n - patches.drivers/drm-Skip-too-big-EDID-extensions:\n Delete. Fixed in firmware, so no longer needed.\n (bnc#764900)\n\n - drm/i915: Fix backlight control for systems which have\n bl polarity reversed. (bnc#766156)\n\n - patches.kernel.org/patch-3.0.27-28: Update references.\n (bnc#770695 / CVE-2012-2745)\n\n - xen/x86-64: fix hypercall page unwind info.\n\n - patches.xen/xen3-patch-3.0.40-41: Linux 3.0.41.\n\n - Refresh other Xen patches. (bnc#776019)\n\n - e1000e: clear REQ and GNT in EECD (82571 &&\n 82572). (bnc#762099)\n\n - bonding: add some slack to arp monitoring time limits.\n (bnc#776095)\n\n - patches.arch/x2apic_opt_out.patch: Refresh. (bnc#778082)\n\n - x86, mce: Do not call del_timer_sync() in IRQ context.\n (bnc#776896)\n\n - cpufreq / ACPI: Fix not loading acpi-cpufreq driver\n regression. (bnc#766654)\n\n - ida: Update references. 
(bnc#740291)\n\n - audit: do not free_chunk() after fsnotify_add_mark().\n (bnc#762214)\n\n - audit: fix refcounting in audit-tree. (bnc#762214)\n\n - mlx4_en: map entire pages to increase throughput.\n\n - usb: Add support for root hub port status CAS.\n (bnc#774289)\n\n - fs,reiserfs: unlock superblock before calling\n reiserfs_quota_on_mount(). (bnc#772786)\n\n - reiserfs: fix deadlock with nfs racing on create/lookup.\n (bnc#762693)\n\n - NFS: Slow down state manager after an unhandled error.\n (bnc#774973)\n\n - nfs: increase number of permitted callback connections.\n (bnc#771706)\n\n - Freezer / sunrpc / NFS: do not allow TASK_KILLABLE\n sleeps to block the freezer. (bnc#775182)\n\n - powerpc/pseries: Support lower minimum entitlement for\n virtual processors. (bnc#775984)\n\n - powerpc: Disable /dev/port interface on systems without\n an ISA bridge. (bnc#754670)\n\n - ocfs2: Add a missing journal credit in\n ocfs2_link_credits() -v2. (bnc#773320)\n\n - block: do not artificially constrain max_sectors for\n stacking drivers. (bnc#774073)\n\n - bnx2x: Clear MDC/MDIO warning message. (bnc#769035)\n\n - bnx2x: Fix BCM57810-KR AN speed transition. (bnc#769035)\n\n - bnx2x: Fix BCM57810-KR FC. (bnc#769035)\n\n - bnx2x: Fix BCM578x0-SFI pre-emphasis settings.\n (bnc#769035)\n\n - bnx2x: Fix link issue for BCM8727 boards. (bnc#769035)\n\n - bnx2x: PFC fix. (bnc#769035)\n\n - bnx2x: fix checksum validation. (bnc#769035)\n\n - bnx2x: fix panic when TX ring is full. (bnc#769035)\n\n - bnx2x: previous driver unload revised. (bnc#769035)\n\n - bnx2x: remove WARN_ON. (bnc#769035)\n\n - bnx2x: update driver version. (bnc#769035)\n\n - xhci: Fix a logical vs bitwise AND bug. (bnc#772427)\n\n - xhci: Switch PPT ports to EHCI on shutdown. (bnc#772427)\n\n - xhci: definitions of register definitions to preserve\n kABI. (bnc#772427)\n\n - xhci: Introduce a private switchback method to preserve\n kABI. 
(bnc#772427)\n\n - config.conf: Drop reference to a s390 vanilla config\n that does not exist.\n\n - block: eliminate potential for infinite loop in\n blkdev_issue_discard. (bnc#773319)\n\n - Fix cosmetic (but worrisome to users) stop class\n accounting bug.\n\n - bluetooth: Another vendor specific ID for BCM20702A0\n [0a5c:21f1]. (bnc#774612)\n\n - memcg: further prevent OOM with too many dirty pages.\n (bnc#763198)\n\n -\n patches.fixes/mm-consider-PageReclaim-for-sync-reclaim.p\n atch: Refresh to match the upstream version.\n\n - tmpfs: optimize clearing when writing (VM Performance).\n\n - tmpfs: distribute interleave better across nodes.\n (bnc#764209)\n\n -\n patches.fixes/tmpfs-implement-NUMA-node-interleaving.pat\n ch: dropped in favor of the upstream patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=753617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=761774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=762099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=762214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=762693\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=763198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=763954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=764209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=764900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=766156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=766654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=768084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=768504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=769035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=769195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=769251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=769407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=770034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=770695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=770763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=771706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772407\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=775182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=775373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=775984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=776019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=776095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=776787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=776896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=777024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=777269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=778082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=778822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=780012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=780461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=781018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=781134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2745.html\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\"Apply SAT patch number 6923 / 6926 / 6931 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-default-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", 
sp:2, cpu:\"i586\", reference:\"kernel-default-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-default-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-default-extra-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-extra-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-source-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-syms-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-trace-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-trace-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-trace-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-trace-extra-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-extra-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", 
reference:\"kernel-default-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-source-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-syms-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-trace-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-trace-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-trace-extra-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-default-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-default-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-default-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-source-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-syms-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-trace-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, 
reference:\"kernel-trace-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"kernel-trace-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-ec2-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-ec2-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"kernel-default-man-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-ec2-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.42-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.42-0.7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:56:55", "description": "A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. (CVE-2012-2137)\n\nA flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-10-12T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1606-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2137", "CVE-2012-2745"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1606-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62513", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1606-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62513);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-2137\", \"CVE-2012-2745\");\n script_bugtraq_id(54063, 54365);\n script_xref(name:\"USN\", value:\"1606-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1606-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual\nMachine) subsystem handled MSI (Message Signaled Interrupts). A local\nunprivileged user could exploit this flaw to cause a denial of service\nor potentially elevate privileges. (CVE-2012-2137)\n\nA flaw was found in how the Linux kernel passed the replacement\nsession keyring to a child process. An unprivileged local user could\nexploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1606-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-2137\", \"CVE-2012-2745\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1606-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-44-386\", pkgver:\"2.6.32-44.98\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-44-generic\", pkgver:\"2.6.32-44.98\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-44-generic-pae\", pkgver:\"2.6.32-44.98\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-44-lpia\", pkgver:\"2.6.32-44.98\")) flag++;\nif 
(ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-44-preempt\", pkgver:\"2.6.32-44.98\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-44-server\", pkgver:\"2.6.32-44.98\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-44-versatile\", pkgver:\"2.6.32-44.98\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-44-virtual\", pkgver:\"2.6.32-44.98\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:43", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. (CVE-2012-2744, Important)\n\n - A flaw was found in the way the Linux kernel's key management facility handled replacement session keyrings on process forks. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2745, Moderate)\n\nThis update also fixes the following bugs :\n\n - Previously introduced firmware files required for new Realtek chipsets contained an invalid prefix ('rtl_nic_') in the file names, for example '/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw'. This update corrects these file names. 
For example, the aforementioned file is now correctly named '/lib/firmware/rtl_nic/rtl8168d-1.fw'.\n\n - This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk device. This is due to data corruption occurring on the said device when the Ultra-DMA 66 transfer mode is used. When the 'libata.force=5:pio0,6:pio0' kernel parameter is set, the aforementioned device works as expected.\n\n - On Scientific Linux 6, mounting an NFS export from a server running Windows Server 2012 Release Candidate returned the NFS4ERR_MINOR_VERS_MISMATCH error because Windows Server 2012 Release Candidate supports NFSv4.1 only. Scientific Linux 6 did not properly handle the returned error and did not fall back to using NFSv3, which caused the mount operation to fail. With this update, when the NFS4ERR_MINOR_VERS_MISMATCH error is returned, the mount operation properly falls back to using NFSv3 and no longer fails.\n\n - On ext4 file systems, when fallocate() failed to allocate blocks due to the ENOSPC condition (no space left on device) for a file larger than 4 GB, the size of the file became corrupted and, consequently, caused file system corruption. This was due to a missing cast operator in the 'ext4_fallocate()' function. With this update, the underlying source code has been modified to address this issue, and file system corruption no longer occurs.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120710)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2744", "CVE-2012-2745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120710_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61361", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61361);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2744\", \"CVE-2012-2745\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120710)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote 
Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - A NULL pointer dereference flaw was found in the\n nf_ct_frag6_reasm() function in the Linux kernel's\n netfilter IPv6 connection tracking implementation. A\n remote attacker could use this flaw to send specially\n crafted packets to a target system that is using IPv6\n and also has the nf_conntrack_ipv6 kernel module loaded,\n causing it to crash. (CVE-2012-2744, Important)\n\n - A flaw was found in the way the Linux kernel's key\n management facility handled replacement session keyrings\n on process forks. A local, unprivileged user could use\n this flaw to cause a denial of service. (CVE-2012-2745,\n Moderate)\n\nThis update also fixes the following bugs :\n\n - Previously introduced firmware files required for new\n Realtek chipsets contained an invalid prefix\n ('rtl_nic_') in the file names, for example\n '/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw'. This\n update corrects these file names. For example, the\n aforementioned file is now correctly named\n '/lib/firmware/rtl_nic/rtl8168d-1.fw'.\n\n - This update blacklists the ADMA428M revision of the 2GB\n ATA Flash Disk device. This is due to data corruption\n occurring on the said device when the Ultra-DMA 66\n transfer mode is used. When the\n 'libata.force=5:pio0,6:pio0' kernel parameter is set,\n the aforementioned device works as expected.\n\n - On Scientific Linux 6, mounting an NFS export from a\n server running Windows Server 2012 Release Candidate\n returned the NFS4ERR_MINOR_VERS_MISMATCH error because\n Windows Server 2012 Release Candidate supports NFSv4.1\n only. Scientific Linux 6 did not properly handle the\n returned error and did not fall back to using NFSv3,\n which caused the mount operation to fail. 
With this\n update, when the NFS4ERR_MINOR_VERS_MISMATCH error is\n returned, the mount operation properly falls back to\n using NFSv3 and no longer fails.\n\n - On ext4 file systems, when fallocate() failed to\n allocate blocks due to the ENOSPC condition (no space\n left on device) for a file larger than 4 GB, the size of\n the file became corrupted and, consequently, caused file\n system corruption. This was due to a missing cast\n operator in the 'ext4_fallocate()' function. With this\n update, the underlying source code has been modified to\n address this issue, and file system corruption no longer\n occurs.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=6268\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df0387d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"kernel-devel-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-09T02:01:57", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1064 advisory.\n\n - net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. (CVE-2012-2744)\n\n - The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. 
(CVE-2012-2745)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2012-1064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2744", "CVE-2012-2745"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2012-1064.NASL", "href": "https://www.tenable.com/plugins/nessus/68575", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2012-1064.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68575);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2012-2744\", \"CVE-2012-2745\");\n script_bugtraq_id(54365, 54367);\n script_xref(name:\"RHSA\", value:\"2012:1064\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2012-1064)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2012-1064 advisory.\n\n - net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6\n module is enabled, allows remote attackers to 
cause a denial of service (NULL pointer dereference and\n system crash) via certain types of fragmented IPv6 packets. (CVE-2012-2744)\n\n - The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement\n session keyring to a child process, which allows local users to cause a denial of service (panic) via a\n crafted application that uses the fork system call. (CVE-2012-2745)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2012-1064.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2744\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-279.1.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2012-1064');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-279.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-279.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-debug-2.6.32-279.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-279.1.1.el6', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-279.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-279.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-279.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-279.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-279.1.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-279.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-279.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-279.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-279.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-279.1.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-279.1.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:58:03", "description": "Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. (CVE-2012-2744, Important)\n\n* A flaw was found in the way the Linux kernel's key management facility handled replacement session keyrings on process forks. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2745, Moderate)\n\nRed Hat would like to thank an anonymous contributor working with the Beyond Security SecuriTeam Secure Disclosure program for reporting CVE-2012-2744.\n\nThis update also fixes the following bugs :\n\n* Previously introduced firmware files required for new Realtek chipsets contained an invalid prefix ('rtl_nic_') in the file names, for example '/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw'. This update corrects these file names. For example, the aforementioned file is now correctly named '/lib/firmware/rtl_nic/rtl8168d-1.fw'. (BZ#832359)\n\n* This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk device. This is due to data corruption occurring on the said device when the Ultra-DMA 66 transfer mode is used. When the 'libata.force=5:pio0,6:pio0' kernel parameter is set, the aforementioned device works as expected. 
(BZ#832363)\n\n* On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows 2012 server failed due to the fact that the Windows server contains support for the minor version 1 (v4.1) of the NFS version 4 protocol only, along with support for versions 2 and 3. The lack of the minor version 0 (v4.0) support caused Red Hat Enterprise Linux 6 clients to fail instead of rolling back to version 3 as expected. This update fixes this bug and mounting an NFS export works as expected.\n(BZ#832365)\n\n* On ext4 file systems, when fallocate() failed to allocate blocks due to the ENOSPC condition (no space left on device) for a file larger than 4 GB, the size of the file became corrupted and, consequently, caused file system corruption. This was due to a missing cast operator in the 'ext4_fallocate()' function. With this update, the underlying source code has been modified to address this issue, and file system corruption no longer occurs. (BZ#833034)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-07-11T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2012:1064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2744", "CVE-2012-2745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1064.NASL", "href": "https://www.tenable.com/plugins/nessus/59947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1064. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59947);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2744\", \"CVE-2012-2745\");\n script_xref(name:\"RHSA\", value:\"2012:1064\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2012:1064)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()\nfunction in the Linux kernel's netfilter IPv6 connection tracking\nimplementation. A remote attacker could use this flaw to send\nspecially crafted packets to a target system that is using IPv6 and\nalso has the nf_conntrack_ipv6 kernel module loaded, causing it to\ncrash. (CVE-2012-2744, Important)\n\n* A flaw was found in the way the Linux kernel's key management\nfacility handled replacement session keyrings on process forks. A\nlocal, unprivileged user could use this flaw to cause a denial of\nservice. 
(CVE-2012-2745, Moderate)\n\nRed Hat would like to thank an anonymous contributor working with the\nBeyond Security SecuriTeam Secure Disclosure program for reporting\nCVE-2012-2744.\n\nThis update also fixes the following bugs :\n\n* Previously introduced firmware files required for new Realtek\nchipsets contained an invalid prefix ('rtl_nic_') in the file names,\nfor example '/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw'. This update\ncorrects these file names. For example, the aforementioned file is now\ncorrectly named '/lib/firmware/rtl_nic/rtl8168d-1.fw'. (BZ#832359)\n\n* This update blacklists the ADMA428M revision of the 2GB ATA Flash\nDisk device. This is due to data corruption occurring on the said\ndevice when the Ultra-DMA 66 transfer mode is used. When the\n'libata.force=5:pio0,6:pio0' kernel parameter is set, the\naforementioned device works as expected. (BZ#832363)\n\n* On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows\n2012 server failed due to the fact that the Windows server contains\nsupport for the minor version 1 (v4.1) of the NFS version 4 protocol\nonly, along with support for versions 2 and 3. The lack of the minor\nversion 0 (v4.0) support caused Red Hat Enterprise Linux 6 clients to\nfail instead of rolling back to version 3 as expected. This update\nfixes this bug and mounting an NFS export works as expected.\n(BZ#832365)\n\n* On ext4 file systems, when fallocate() failed to allocate blocks due\nto the ENOSPC condition (no space left on device) for a file larger\nthan 4 GB, the size of the file became corrupted and, consequently,\ncaused file system corruption. This was due to a missing cast operator\nin the 'ext4_fallocate()' function. With this update, the underlying\nsource code has been modified to address this issue, and file system\ncorruption no longer occurs. (BZ#833034)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2744\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-2744\", \"CVE-2012-2745\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2012:1064\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1064\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red 
Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-279.1.1.el6\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"python-perf-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-279.1.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:58:13", "description": "Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. 
A remote attacker could use this flaw to send specially crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. (CVE-2012-2744, Important)\n\n* A flaw was found in the way the Linux kernel's key management facility handled replacement session keyrings on process forks. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2745, Moderate)\n\nRed Hat would like to thank an anonymous contributor working with the Beyond Security SecuriTeam Secure Disclosure program for reporting CVE-2012-2744.\n\nThis update also fixes the following bugs :\n\n* Previously introduced firmware files required for new Realtek chipsets contained an invalid prefix ('rtl_nic_') in the file names, for example '/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw'. This update corrects these file names. For example, the aforementioned file is now correctly named '/lib/firmware/rtl_nic/rtl8168d-1.fw'. (BZ#832359)\n\n* This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk device. This is due to data corruption occurring on the said device when the Ultra-DMA 66 transfer mode is used. When the 'libata.force=5:pio0,6:pio0' kernel parameter is set, the aforementioned device works as expected. (BZ#832363)\n\n* On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows 2012 server failed due to the fact that the Windows server contains support for the minor version 1 (v4.1) of the NFS version 4 protocol only, along with support for versions 2 and 3. The lack of the minor version 0 (v4.0) support caused Red Hat Enterprise Linux 6 clients to fail instead of rolling back to version 3 as expected. 
This update fixes this bug and mounting an NFS export works as expected.\n(BZ#832365)\n\n* On ext4 file systems, when fallocate() failed to allocate blocks due to the ENOSPC condition (no space left on device) for a file larger than 4 GB, the size of the file became corrupted and, consequently, caused file system corruption. This was due to a missing cast operator in the 'ext4_fallocate()' function. With this update, the underlying source code has been modified to address this issue, and file system corruption no longer occurs. (BZ#833034)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-07-12T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2012:1064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2744", "CVE-2012-2745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-1064.NASL", "href": "https://www.tenable.com/plugins/nessus/59949", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1064 and \n# CentOS Errata and Security Advisory 2012:1064 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59949);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-2744\", 
\"CVE-2012-2745\");\n script_xref(name:\"RHSA\", value:\"2012:1064\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2012:1064)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()\nfunction in the Linux kernel's netfilter IPv6 connection tracking\nimplementation. A remote attacker could use this flaw to send\nspecially crafted packets to a target system that is using IPv6 and\nalso has the nf_conntrack_ipv6 kernel module loaded, causing it to\ncrash. (CVE-2012-2744, Important)\n\n* A flaw was found in the way the Linux kernel's key management\nfacility handled replacement session keyrings on process forks. A\nlocal, unprivileged user could use this flaw to cause a denial of\nservice. (CVE-2012-2745, Moderate)\n\nRed Hat would like to thank an anonymous contributor working with the\nBeyond Security SecuriTeam Secure Disclosure program for reporting\nCVE-2012-2744.\n\nThis update also fixes the following bugs :\n\n* Previously introduced firmware files required for new Realtek\nchipsets contained an invalid prefix ('rtl_nic_') in the file names,\nfor example '/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw'. 
This update\ncorrects these file names. For example, the aforementioned file is now\ncorrectly named '/lib/firmware/rtl_nic/rtl8168d-1.fw'. (BZ#832359)\n\n* This update blacklists the ADMA428M revision of the 2GB ATA Flash\nDisk device. This is due to data corruption occurring on the said\ndevice when the Ultra-DMA 66 transfer mode is used. When the\n'libata.force=5:pio0,6:pio0' kernel parameter is set, the\naforementioned device works as expected. (BZ#832363)\n\n* On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows\n2012 server failed due to the fact that the Windows server contains\nsupport for the minor version 1 (v4.1) of the NFS version 4 protocol\nonly, along with support for versions 2 and 3. The lack of the minor\nversion 0 (v4.0) support caused Red Hat Enterprise Linux 6 clients to\nfail instead of rolling back to version 3 as expected. This update\nfixes this bug and mounting an NFS export works as expected.\n(BZ#832365)\n\n* On ext4 file systems, when fallocate() failed to allocate blocks due\nto the ENOSPC condition (no space left on device) for a file larger\nthan 4 GB, the size of the file became corrupted and, consequently,\ncaused file system corruption. This was due to a missing cast operator\nin the 'ext4_fallocate()' function. With this update, the underlying\nsource code has been modified to address this issue, and file system\ncorruption no longer occurs. (BZ#833034)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018731.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc291065\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2744\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-279.1.1.el6\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-279.1.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-279.1.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:58:17", "description": "A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system based capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization, which makes attacking the process with raised privileges easier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-22T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-1448-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1601", "CVE-2012-2123", "CVE-2012-2745"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1448-1.NASL", "href": "https://www.tenable.com/plugins/nessus/59226", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1448-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59226);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-1601\", \"CVE-2012-2123\", \"CVE-2012-2745\");\n script_bugtraq_id(53166);\n script_xref(name:\"USN\", value:\"1448-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-1448-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine)\nvirtual cpu setup. An unprivileged local user could exploit this flaw\nto crash the system leading to a denial of service. 
(CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base\ncapabilities) when used to increase the permissions of a process. For\napplication on which fscaps are in use a local attacker can disable\naddress space randomization to make attacking the process with raised\nprivileges easier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement\nsession keyring to a child process. An unprivileged local user could\nexploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1448-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.2-generic,\nlinux-image-3.2-generic-pae and / or linux-image-3.2-virtual packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/17\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-1601\", \"CVE-2012-2123\", \"CVE-2012-2745\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1448-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-24-generic\", pkgver:\"3.2.0-24.38\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-24-generic-pae\", pkgver:\"3.2.0-24.38\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-24-virtual\", pkgver:\"3.2.0-24.38\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:20", "description": "A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. 
(CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-29T00:00:00", "type": "nessus", "title": "Ubuntu 11.10 : linux vulnerabilities (USN-1452-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1601", "CVE-2012-2123", "CVE-2012-2745"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1452-1.NASL", "href": "https://www.tenable.com/plugins/nessus/59290", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1452-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59290);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-1601\", \"CVE-2012-2123\", \"CVE-2012-2745\");\n script_bugtraq_id(53166, 53488);\n script_xref(name:\"USN\", value:\"1452-1\");\n\n script_name(english:\"Ubuntu 11.10 : linux vulnerabilities (USN-1452-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine)\nvirtual cpu setup. An unprivileged local user could exploit this flaw\nto crash the system leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base\ncapabilities) when used to increase the permissions of a process. For\napplication on which fscaps are in use a local attacker can disable\naddress space randomization to make attacking the process with raised\nprivileges easier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement\nsession keyring to a child process. An unprivileged local user could\nexploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1452-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-1601\", \"CVE-2012-2123\", \"CVE-2012-2745\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1452-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-20-generic\", pkgver:\"3.0.0-20.34\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-20-generic-pae\", pkgver:\"3.0.0-20.34\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-20-server\", pkgver:\"3.0.0-20.34\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-20-virtual\", pkgver:\"3.0.0-20.34\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.0-generic / linux-image-3.0-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:51:02", "description": "Description of changes:\n\n* CVE-2012-2745: Denial-of-service in kernel key management.\n\nA potential double-free of the replacement session keyring on fork() could result in a denial-of-service by a local, unprivileged user.\n\n\n* CVE-2011-1083: Algorithmic denial of service in epoll.\n\nA flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.\n\n\n\n[2.6.39-200.29.2.el5uek]\n- epoll: clear the tfile_check_list on -ELOOP (Joe Jin) {CVE-2012-3375}\n- Don't limit non-nested epoll paths (Jason Baron)\n- epoll: kabi fixups for epoll limit wakeup paths (Joe Jin) {CVE-2011-1083}\n- epoll: limit paths (Jason Baron) {CVE-2011-1083}\n- cred: copy_process() should clear child->replacement_session_keyring (Oleg Nesterov) {CVE-2012-2745}", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1083", "CVE-2012-2745", "CVE-2012-3375"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-2025.NASL", "href": "https://www.tenable.com/plugins/nessus/68678", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2012-2025.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68678);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2011-1083\", \"CVE-2012-2745\", \"CVE-2012-3375\");\n script_bugtraq_id(46630, 54283, 54365);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2025)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n* CVE-2012-2745: Denial-of-service in kernel key management.\n\nA potential double-free of the replacement session keyring on fork()\ncould result in a denial-of-service by a local, unprivileged user.\n\n\n* CVE-2011-1083: Algorithmic denial of service in epoll.\n\nA flaw was found in the way the Linux kernel's Event Poll (epoll)\nsubsystem handled large, nested epoll structures. 
A local,\nunprivileged user could use this flaw to cause a denial of service.\n\n\n\n[2.6.39-200.29.2.el5uek]\n- epoll: clear the tfile_check_list on -ELOOP (Joe Jin) {CVE-2012-3375}\n- Don't limit non-nested epoll paths (Jason Baron)\n- epoll: kabi fixups for epoll limit wakeup paths (Joe Jin) {CVE-2011-1083}\n- epoll: limit paths (Jason Baron) {CVE-2011-1083}\n- cred: copy_process() should clear child->replacement_session_keyring (Oleg\n Nesterov) {CVE-2012-2745}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002937.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002938.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2011-1083\", \"CVE-2012-2745\", \"CVE-2012-3375\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2012-2025\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-200.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-200.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-200.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-200.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-200.29.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", 
rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-200.29.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-200.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-200.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-200.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-200.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-200.29.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-200.29.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:58:22", "description": "A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. 
For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-30T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1455-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1601", "CVE-2012-2123", "CVE-2012-2745"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1455-1.NASL", "href": "https://www.tenable.com/plugins/nessus/59309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1455-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59309);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-1601\", \"CVE-2012-2123\", \"CVE-2012-2745\");\n script_bugtraq_id(53166, 53488);\n script_xref(name:\"USN\", value:\"1455-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1455-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine)\nvirtual cpu setup. An unprivileged local user could exploit this flaw\nto crash the system leading to a denial of service. (CVE-2012-1601)\n\nSteve Grubb reported a flaw with Linux fscaps (file system base\ncapabilities) when used to increase the permissions of a process. For\napplication on which fscaps are in use a local attacker can disable\naddress space randomization to make attacking the process with raised\nprivileges easier. (CVE-2012-2123)\n\nA flaw was found in how the Linux kernel passed the replacement\nsession keyring to a child process. An unprivileged local user could\nexploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1455-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-1601\", \"CVE-2012-2123\", \"CVE-2012-2745\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1455-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-20-generic\", pkgver:\"3.0.0-20.34~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-20-generic-pae\", pkgver:\"3.0.0-20.34~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-20-server\", pkgver:\"3.0.0-20.34~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-20-virtual\", pkgver:\"3.0.0-20.34~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.0-generic / linux-image-3.0-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-09T02:00:48", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-2026 advisory.\n\n - The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. (CVE-2011-1083)\n\n - The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. (CVE-2012-2745)\n\n - The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.\n (CVE-2012-3375)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2012-2026)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1083", "CVE-2012-2745", "CVE-2012-3375"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.29.2.el5uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.29.2.el5uekdebug", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.29.2.el6uek", "p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.29.2.el6uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.29.2.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.29.2.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.29.2.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-300.29.2.el6uekdebug"], "id": "ORACLELINUX_ELSA-2012-2026.NASL", "href": "https://www.tenable.com/plugins/nessus/68679", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2012-2026.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68679);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2011-1083\", \"CVE-2012-2745\", \"CVE-2012-3375\");\n script_bugtraq_id(46630, 
54283, 54365);\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2012-2026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2012-2026 advisory.\n\n - The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of\n epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a\n crafted application that makes epoll_create and epoll_ctl system calls. (CVE-2011-1083)\n\n - The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement\n session keyring to a child process, which allows local users to cause a denial of service (panic) via a\n crafted application that uses the fork system call. (CVE-2012-2745)\n\n - The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle\n ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-\n descriptor consumption and system crash) via a crafted application that attempts to create a circular\n epoll dependency. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.\n (CVE-2012-3375)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2012-2026.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3375\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.29.2.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.29.2.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.29.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.29.2.el6uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.29.2.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.29.2.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.29.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-300.29.2.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-300.29.2.el5uek', '2.6.32-300.29.2.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2012-2026');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-300.29.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-300.29.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.29.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.29.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.29.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.29.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.29.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.29.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-300.29.2.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-300.29.2.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.29.2.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.29.2.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'mlnx_en-2.6.32-300.29.2.el5uek-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.29.2.el5uek-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.29.2.el5uekdebug-1.5.7-2', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.29.2.el5uekdebug-1.5.7-2', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.29.2.el5uek-1.5.1-4.0.58', 'cpu':'i686', 
'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.29.2.el5uek-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.29.2.el5uekdebug-1.5.1-4.0.58', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.29.2.el5uekdebug-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-300.29.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-300.29.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.29.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-300.29.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.29.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-300.29.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.29.2.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-300.29.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-300.29.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-300.29.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.29.2.el6uek', 
'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-300.29.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'mlnx_en-2.6.32-300.29.2.el6uek-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.29.2.el6uek-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.29.2.el6uekdebug-1.5.7-0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mlnx_en-2.6.32-300.29.2.el6uekdebug-1.5.7-0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.29.2.el6uek-1.5.1-4.0.58', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.29.2.el6uek-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.29.2.el6uekdebug-1.5.1-4.0.58', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-300.29.2.el6uekdebug-1.5.1-4.0.58', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n 
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:57:14", "description": "A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745)\n\nBen Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service.\n(CVE-2012-3412)\n\nJay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430)\n\nA flaw was discovered in the madvise feature of the Linux kernel's memory subsystem. 
An unprivileged local user could exploit the flaw to cause a denial of service (crash the system). (CVE-2012-3511).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-09-20T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1574-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745", "CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3511"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1574-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62211", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1574-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62211);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\");\n script_bugtraq_id(54365, 54702, 54763, 55151);\n script_xref(name:\"USN\", value:\"1574-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1574-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in how the Linux kernel passed the replacement\nsession keyring to a child process. An unprivileged local user could\nexploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745)\n\nBen Hutchings reported a flaw in the Linux kernel with some network\ndrivers that support TSO (TCP segment offload). A local or peer user\ncould exploit this flaw to to cause a denial of service.\n(CVE-2012-3412)\n\nJay Fenlason and Doug Ledford discovered a bug in the Linux kernel\nimplementation of RDS sockets. A local unprivileged user could\npotentially use this flaw to read privileged information from the\nkernel. (CVE-2012-3430)\n\nA flaw was discovered in the madvise feature of the Linux kernel's\nmemory subsystem. An unprivileged local use could exploit the flaw to\ncause a denial of service (crash the system). (CVE-2012-3511).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1574-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1574-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-16-generic\", pkgver:\"2.6.38-16.67~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-16-generic-pae\", pkgver:\"2.6.38-16.67~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-16-server\", pkgver:\"2.6.38-16.67~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-16-virtual\", pkgver:\"2.6.38-16.67~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested 
= ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:57:09", "description": "A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745)\n\nBen Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to cause a denial of service.\n(CVE-2012-3412)\n\nJay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. (CVE-2012-3430)\n\nA flaw was discovered in the madvise feature of the Linux kernel's memory subsystem. An unprivileged local user could exploit the flaw to cause a denial of service (crash the system). (CVE-2012-3511).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-09-15T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : linux vulnerabilities (USN-1567-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2745", "CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3511"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1567-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62111", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1567-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62111);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\");\n script_bugtraq_id(54365, 54702, 54763, 55151);\n script_xref(name:\"USN\", value:\"1567-1\");\n\n script_name(english:\"Ubuntu 11.04 : linux vulnerabilities (USN-1567-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in how the Linux kernel passed the replacement\nsession keyring to a child process. An unprivileged local user could\nexploit this flaw to cause a denial of service (panic).\n(CVE-2012-2745)\n\nBen Hutchings reported a flaw in the Linux kernel with some network\ndrivers that support TSO (TCP segment offload). A local or peer user\ncould exploit this flaw to to cause a denial of service.\n(CVE-2012-3412)\n\nJay Fenlason and Doug Ledford discovered a bug in the Linux kernel\nimplementation of RDS sockets. A local unprivileged user could\npotentially use this flaw to read privileged information from the\nkernel. (CVE-2012-3430)\n\nA flaw was discovered in the madvise feature of the Linux kernel's\nmemory subsystem. An unprivileged local use could exploit the flaw to\ncause a denial of service (crash the system). (CVE-2012-3511).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1567-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2012-2745\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1567-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-16-generic\", pkgver:\"2.6.38-16.67\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-16-generic-pae\", pkgver:\"2.6.38-16.67\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-16-server\", pkgver:\"2.6.38-16.67\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-16-versatile\", pkgver:\"2.6.38-16.67\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-16-virtual\", pkgver:\"2.6.38-16.67\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:49:57", "description": "The Linux kernel was updated to fix various bugs and security issues :\n\nCVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.\n\nCVE-2013-0160: Avoid a side channel attack on /dev/ptmx (keyboard input timing).\n\nCVE-2012-5374: Fixed a local denial of service in the BTRFS hashing code.\n\nCVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux kernel, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application.\n\nCVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.\n\nCVE-2012-0957: The override_release function in kernel/sys.c in the Linux kernel allowed local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.\n\nCVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.\n\nCVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log 
messages.\nNOTE: some of these details are obtained from third-party information.\n\nCVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.\n\nCVE-2012-4508: Race condition in fs/ext4/extents.c in the Linux kernel allowed local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.\n\nCVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.\n\nCVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel provided an invalid replacement session keyring to a child process, which allowed local users to cause a denial of service (panic) via a crafted application that uses the fork system call.\n\nCVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel did not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allowed local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency.\n\nCVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2013:0396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0957", "CVE-2012-2745", "CVE-2012-3375", "CVE-2012-3400", "CVE-2012-3412", "CVE-2012-4508", "CVE-2012-4530", "CVE-2012-5374", 
"CVE-2013-0160", "CVE-2013-0216", "CVE-2013-0231", "CVE-2013-0268", "CVE-2013-0309", "CVE-2013-0871"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", 
"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2013-176.NASL", "href": "https://www.tenable.com/plugins/nessus/74914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-176.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74914);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0957\", \"CVE-2012-2745\", \"CVE-2012-3375\", \"CVE-2012-3400\", \"CVE-2012-3412\", \"CVE-2012-4508\", 
\"CVE-2012-4530\", \"CVE-2012-5374\", \"CVE-2013-0160\", \"CVE-2013-0216\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0309\", \"CVE-2013-0871\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2013:0396-1)\");\n script_summary(english:\"Check for the openSUSE-2013-176 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel was updated to fix various bugs and security issues :\n\nCVE-2013-0871: Race condition in the ptrace functionality in the Linux\nkernel allowed local users to gain privileges via a PTRACE_SETREGS\nptrace system call in a crafted application, as demonstrated by\nptrace_death.\n\nCVE-2013-0160: Avoid a side channel attack on /dev/ptmx (keyboard\ninput timing).\n\nCVE-2012-5374: Fixed a local denial of service in the BTRFS hashing\ncode.\n\nCVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux kernel,\nwhen transparent huge pages are used, does not properly support\nPROT_NONE memory regions, which allows local users to cause a denial\nof service (system crash) via a crafted application.\n\nCVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the\nLinux kernel allowed local users to bypass intended capability\nrestrictions by executing a crafted application as root, as\ndemonstrated by msr32.c.\n\nCVE-2012-0957: The override_release function in kernel/sys.c in the\nLinux kernel allowed local users to obtain sensitive information from\nkernel stack memory via a uname system call in conjunction with a\nUNAME26 personality.\n\nCVE-2013-0216: The Xen netback functionality in the Linux kernel\nallowed guest OS users to cause a denial of service (loop) by\ntriggering ring pointer corruption.\n\nCVE-2013-0231: The pciback_enable_msi function in the PCI backend\ndriver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for\nthe Linux kernel 
allowed guest OS users with PCI device access to\ncause a denial of service via a large number of kernel log messages.\nNOTE: some of these details are obtained from third-party information.\n\nCVE-2012-4530: The load_script function in fs/binfmt_script.c in the\nLinux kernel did not properly handle recursion, which allowed local\nusers to obtain sensitive information from kernel stack memory via a\ncrafted application.\n\nCVE-2012-4508: Race condition in fs/ext4/extents.c in the Linux kernel\nallowed local users to obtain sensitive information from a deleted\nfile by reading an extent that was not properly marked as\nuninitialized.\n\nCVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux\nkernel allowed remote attackers to cause a denial of service (DMA\ndescriptor consumption and network-controller outage) via crafted TCP\npackets that trigger a small MSS value.\n\nCVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux\nkernel provided an invalid replacement session keyring to a child\nprocess, which allowed local users to cause a denial of service\n(panic) via a crafted application that uses the fork system call.\n\nCVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the\nLinux kernel did not properly handle ELOOP errors in EPOLL_CTL_ADD\noperations, which allowed local users to cause a denial of service\n(file-descriptor consumption and system crash) via a crafted\napplication that attempts to create a circular epoll dependency.\n\nCVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol\nfunction in fs/udf/super.c in the Linux kernel allowed remote\nattackers to cause a denial of service (system crash) or possibly have\nunspecified other impact via a crafted UDF filesystem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=720226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=762693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=765524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=768506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=769784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=769896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=770695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=776144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=778630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779432\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=781134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=783515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=784192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=786013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=787168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=792500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=799209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=800280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=804154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=804652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=804738\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-03/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-debug-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-debug-base-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-debug-base-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-debug-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-debug-debugsource-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-debug-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-debug-devel-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-default-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-default-base-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-default-base-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"kernel-default-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-default-debugsource-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-default-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-default-devel-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-desktop-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-desktop-base-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-desktop-base-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-desktop-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-desktop-debugsource-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-desktop-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-desktop-devel-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-ec2-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-ec2-base-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-ec2-base-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-ec2-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-ec2-debugsource-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-ec2-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-ec2-devel-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-ec2-extra-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"kernel-ec2-extra-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-pae-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-pae-base-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-pae-base-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-pae-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-pae-debugsource-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-pae-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-pae-devel-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-source-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-source-vanilla-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-syms-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-trace-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-trace-base-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-trace-base-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-trace-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-trace-debugsource-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-trace-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-trace-devel-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-vanilla-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-vanilla-base-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"kernel-vanilla-base-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-vanilla-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-vanilla-debugsource-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-vanilla-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-vanilla-devel-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-xen-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-xen-base-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-xen-base-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-xen-debuginfo-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-xen-debugsource-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-xen-devel-3.1.10-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kernel-xen-devel-debuginfo-3.1.10-1.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:45:42", "description": "This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs.\n\nThe following security bugs have been fixed :\n\nCVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN 
frames.\n(bnc#735347)\n\nCVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898)\n\nCVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612)\n\nCVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. (bnc#767610)\n\nCVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.\n(bnc#770695)\n\nCVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. 
(bnc#769896)\n\nCVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523)\n\nCVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383)\n\nCVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885)\n\nCVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831)\n\nCVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. 
(bnc#786013)\n\nCVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.\n(bnc#787576)\n\nCVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.\n(bnc#809889)\n\nCVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889)\n\nCVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891)\n\nCVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892)\n\nCVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. 
(bnc#809893)\n\nCVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894)\n\nCVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898)\n\nCVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.\n(bnc#809899)\n\nCVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900)\n\nCVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901)\n\nCVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902)\n\nCVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. 
(bnc#809903)\n\nCVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.\n(bnc#797175)\n\nCVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.\n(bnc#800280)(XSA-39)\n\nCVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information.\n(bnc#801178)(XSA-43)\n\nCVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642)\n\nCVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653)\n\nCVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. 
(bnc#805226)\n\nCVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227)\n\nCVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.\n(bnc#804154)\n\nCVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827)\n\nCVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138)\n\nCVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977)\n\nCVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. 
(bnc#806976)\n\nCVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358)\n\nCVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980)\n\nCVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.\n(bnc#806980)\n\nCVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. 
(bnc#806980)\n\nCVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.\n(bnc#811354)\n\nCVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735)\n\nCVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.\n(bnc#828012)\n\nCVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.\n(bnc#817377)\n\nCVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.\n(bnc#823267)\n\nCVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel 
memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260)\n\nCVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295)\n\nCVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750)\n\nCVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.\n(bnc#827749)\n\nCVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119)\n\nCVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. 
(bnc#810473)\n\nCVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575)\n\nCVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.\n(bnc#822579)\n\nCVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839)\n\nCVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839)\n\nCVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. 
(bnc#835839)\n\nCVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.\n(bnc#835839)\n\nCVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839)\n\nCVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652)\n\nCVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
(bnc#816668)\n\nCVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from 
kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226)\n\nCVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.\n(bnc#847672)\n\nCVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)\n\nCVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. 
(bnc#849021)\n\nCVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.\n(bnc#853050)\n\nCVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095)\n\nCVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103)\n\nCVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)\n\nCVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)\n\nCVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. 
(bnc#852559)\n\nCVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)\n\nCVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)\n\nCVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870)\n\nCVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872)\n\nAlso the following non-security bugs have been fixed :\n\n - x86: Clear HPET configuration registers on startup (bnc#748896).\n\n - sched: fix divide by zero in task_utime() (bnc#761774).\n\n - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596).\n\n - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables.\n\n - mm: hugetlbfs: Correctly detect if page tables have just been shared. 
(Fix bad PMD message displayed while using hugetlbfs (bnc#762366)).\n\n - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364).\n\n - cpumask: Simplify sched_rt.c (bnc#812364).\n\n - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618).\n\n - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481).\n\n - tty: fix up atime/mtime mess, take three (bnc#797175).\n\n - tty: fix atime/mtime regression (bnc#815745).\n\n - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154).\n\n - kbuild: Fix gcc -x syntax (bnc#773831).\n\n - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668).\n\n - proc: fix pagemap_read() error case (bnc#787573).\n\n - net: Upgrade device features irrespective of mask (bnc#715250).\n\n - tcp: bind() fix autoselection to share ports (bnc#823618).\n\n - tcp: bind() use stronger condition for bind_conflict (bnc#823618).\n\n - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618).\n\n - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416).\n\n - netfilter: prevent race condition breaking net reference counting (bnc#835094).\n\n - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577).\n\n - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577).\n\n - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). 
bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648).\n\n scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050).\n\n - scsi: Allow error handling timeout to be specified (bnc#798050).\n\n - scsi: Fixup compilation warning (bnc#798050).\n\n - scsi: Retry failfast commands after EH (bnc#798050).\n\n - scsi: Warn on invalid command completion (bnc#798050).\n\n - scsi: Always retry internal target error (bnc#745640, bnc#825227).\n\n - scsi: kABI fixes (bnc#798050).\n\n - scsi: remove check for 'resetting' (bnc#798050).\n\n - scsi: Eliminate error handler overload of the SCSI serial number (bnc#798050).\n\n - scsi: Reduce error recovery time by reducing use of TURs (bnc#798050).\n\n - scsi: Reduce sequential pointer derefs in scsi_error.c and reduce size as well (bnc#798050).\n\n - scsi: cleanup setting task state in scsi_error_handler() (bnc#798050).\n\n - scsi: fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations) (bnc#798050). scsi: fix id computation in scsi_eh_target_reset() (bnc#798050).\n\n advansys: Remove 'last_reset' references (bnc#798050).\n\n - dc395: Move 'last_reset' into internal host structure (bnc#798050).\n\n - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).\n\n - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050).\n\n - fc class: fix scanning when devs are offline (bnc#798050). tmscsim: Move 'last_reset' into host structure (bnc#798050).\n\n st: Store page order before driver buffer allocation (bnc#769644).\n\n - st: Increase success probability in driver buffer allocation (bnc#769644). st: work around broken\n __bio_add_page logic (bnc#769644).\n\n avoid race by ignoring flush_time in cache_check (bnc#814363).\n\n writeback: remove the internal 5% low bound on dirty_ratio\n\n - writeback: skip balance_dirty_pages() for in-memory fs (Do not dirty throttle ram-based filesystems (bnc#840858)). 
writeback: Do not sync data dirtied after sync start (bnc#833820).\n\n blkdev_max_block: make private to fs/buffer.c (bnc#820338).\n\n - vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). vfs: fix O_DIRECT read past end of block device (bnc#820338).\n\n lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463).\n\n xfs: allow writeback from kswapd (bnc#826707).\n\n - xfs: skip writeback from reclaim context (bnc#826707).\n\n - xfs: Serialize file-extending direct IO (bnc#818371).\n\n - xfs: Avoid pathological backwards allocation (bnc#805945). xfs: fix inode lookup race (bnc#763463).\n\n cifs: clarify the meaning of tcpStatus == CifsGood (bnc#776024).\n\n cifs: do not allow cifs_reconnect to exit with NULL socket pointer (bnc#776024).\n\n ocfs2: Add a missing journal credit in ocfs2_link_credits() -v2 (bnc#773320).\n\n usb: Fix deadlock in hid_reset when Dell iDRAC is reset (bnc#814716).\n\n usb: xhci: Fix command completion after a drop endpoint (bnc#807320).\n\n netiucv: Hold rtnl between name allocation and device registration (bnc#824159).\n\n rwsem: Test for no active locks in __rwsem_do_wake undo code (bnc#813276).\n\n nfs: NFSv3/v2: Fix data corruption with NFS short reads (bnc#818337).\n\n - nfs: Allow sec=none mounts in certain cases (bnc#795354).\n\n - nfs: Make nfsiod a multi-thread queue (bnc#815352).\n\n - nfs: increase number of permitted callback connections (bnc#771706).\n\n - nfs: Fix Oops in nfs_lookup_revalidate (bnc#780008).\n\n - nfs: do not allow TASK_KILLABLE sleeps to block the freezer (bnc#775182). 
nfs: Avoid race in d_splice_alias and vfs_rmdir (bnc#845028).\n\n svcrpc: take lock on turning entry NEGATIVE in cache_check (bnc#803320).\n\n - svcrpc: ensure cache_check caller sees updated entry (bnc#803320).\n\n - sunrpc/cache: remove races with queuing an upcall (bnc#803320).\n\n - sunrpc/cache: use cache_fresh_unlocked consistently and correctly (bnc#803320).\n\n - sunrpc/cache: ensure items removed from cache do not have pending upcalls (bnc#803320).\n\n - sunrpc/cache: do not schedule update on cache item that has been replaced (bnc#803320). sunrpc/cache: fix test in try_to_negate (bnc#803320).\n\n xenbus: fix overflow check in xenbus_dev_write().\n\n - x86: do not corrupt %eip when returning from a signal handler.\n\n - scsiback/usbback: move cond_resched() invocations to proper place. netback: fix netbk_count_requests().\n\n dm: add dm_deleting_md function (bnc#785016).\n\n - dm: bind new table before destroying old (bnc#785016).\n\n - dm: keep old table until after resume succeeded (bnc#785016). dm: rename dm_get_table to dm_get_live_table (bnc#785016).\n\n drm/edid: Fix up partially corrupted headers (bnc#780004).\n\n drm/edid: Retry EDID fetch up to four times (bnc#780004).\n\n i2c-algo-bit: Fix spurious SCL timeouts under heavy load (bnc#780004).\n\n hpilo: remove pci_disable_device (bnc#752544).\n\n mptsas: handle 'Initializing Command Required' ASCQ (bnc#782178).\n\n mpt2sas: Fix race on shutdown (bnc#856917).\n\n ipmi: decrease the IPMI message transaction time in interrupt mode (bnc#763654).\n\n - ipmi: simplify locking (bnc#763654). 
ipmi: use a tasklet for handling received messages (bnc#763654).\n\n bnx2x: bug fix when loading after SAN boot (bnc#714906).\n\n bnx2x: previous driver unload revised (bnc#714906).\n\n ixgbe: Address fact that RSC was not setting GSO size for incoming frames (bnc#776144).\n\n ixgbe: pull PSRTYPE configuration into a separate function (bnc#780572 bnc#773640 bnc#776144).\n\n e1000e: clear REQ and GNT in EECD (82571 && 82572) (bnc#762099).\n\n hpsa: do not attempt to read from a write-only register (bnc#777473).\n\n aio: Fixup kABI for the aio-implement-request-batching patch (bnc#772849).\n\n - aio: bump i_count instead of using igrab (bnc#772849).\n aio: implement request batching (bnc#772849).\n\n Driver core: Do not remove kobjects in device_shutdown (bnc#771992).\n\n resources: fix call to alignf() in allocate_resource() (bnc#744955).\n\n - resources: when allocate_resource() fails, leave resource untouched (bnc#744955).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1083", "CVE-2011-3593", "CVE-2012-1601", "CVE-2012-2137", "CVE-2012-2372", "CVE-2012-2745", "CVE-2012-3375", "CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3511", "CVE-2012-4444", "CVE-2012-4530", "CVE-2012-4565", "CVE-2012-6537", "CVE-2012-6538", "CVE-2012-6539", "CVE-2012-6540", "CVE-2012-6541", "CVE-2012-6542", "CVE-2012-6544", "CVE-2012-6545", "CVE-2012-6546", "CVE-2012-6547", "CVE-2012-6548", "CVE-2012-6549", "CVE-2013-0160", "CVE-2013-0216", "CVE-2013-0231", "CVE-2013-0268", "CVE-2013-0310", "CVE-2013-0343", "CVE-2013-0349", "CVE-2013-0871", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1773", "CVE-2013-1774", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1827", "CVE-2013-1928", "CVE-2013-1943", "CVE-2013-2015", "CVE-2013-2141", "CVE-2013-2147", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2634", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-2929", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3234", "CVE-2013-3235", "CVE-2013-4345", "CVE-2013-4470", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4587", "CVE-2013-4588", "CVE-2013-4591", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6378", "CVE-2013-6383", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:btrfs-kmp-default", "p-cpe:/a:novell:suse_linux:btrfs-kmp-pae", "p-cpe:/a:novell:suse_linux:btrfs-kmp-xen", "p-cpe:/a:novell:suse_linux:ext4dev-kmp-default", 
"p-cpe:/a:novell:suse_linux:ext4dev-kmp-pae", "p-cpe:/a:novell:suse_linux:ext4dev-kmp-trace", "p-cpe:/a:novell:suse_linux:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:hyper-v-kmp-default", "p-cpe:/a:novell:suse_linux:hyper-v-kmp-pae", "p-cpe:/a:novell:suse_linux:hyper-v-kmp-trace", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2014-0287-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83611", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0287-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83611);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1083\", \"CVE-2011-3593\", \"CVE-2012-1601\", \"CVE-2012-2137\", \"CVE-2012-2372\", \"CVE-2012-2745\", \"CVE-2012-3375\", \"CVE-2012-3412\", \"CVE-2012-3430\", \"CVE-2012-3511\", \"CVE-2012-4444\", \"CVE-2012-4530\", \"CVE-2012-4565\", \"CVE-2012-6537\", 
\"CVE-2012-6538\", \"CVE-2012-6539\", \"CVE-2012-6540\", \"CVE-2012-6541\", \"CVE-2012-6542\", \"CVE-2012-6544\", \"CVE-2012-6545\", \"CVE-2012-6546\", \"CVE-2012-6547\", \"CVE-2012-6548\", \"CVE-2012-6549\", \"CVE-2013-0160\", \"CVE-2013-0216\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0310\", \"CVE-2013-0343\", \"CVE-2013-0349\", \"CVE-2013-0871\", \"CVE-2013-0914\", \"CVE-2013-1767\", \"CVE-2013-1773\", \"CVE-2013-1774\", \"CVE-2013-1792\", \"CVE-2013-1796\", \"CVE-2013-1797\", \"CVE-2013-1798\", \"CVE-2013-1827\", \"CVE-2013-1928\", \"CVE-2013-1943\", \"CVE-2013-2015\", \"CVE-2013-2141\", \"CVE-2013-2147\", \"CVE-2013-2164\", \"CVE-2013-2232\", \"CVE-2013-2234\", \"CVE-2013-2237\", \"CVE-2013-2634\", \"CVE-2013-2851\", \"CVE-2013-2852\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-2893\", \"CVE-2013-2897\", \"CVE-2013-2929\", \"CVE-2013-3222\", \"CVE-2013-3223\", \"CVE-2013-3224\", \"CVE-2013-3225\", \"CVE-2013-3228\", \"CVE-2013-3229\", \"CVE-2013-3231\", \"CVE-2013-3232\", \"CVE-2013-3234\", \"CVE-2013-3235\", \"CVE-2013-4345\", \"CVE-2013-4470\", \"CVE-2013-4483\", \"CVE-2013-4511\", \"CVE-2013-4587\", \"CVE-2013-4588\", \"CVE-2013-4591\", \"CVE-2013-6367\", \"CVE-2013-6368\", \"CVE-2013-6378\", \"CVE-2013-6383\", \"CVE-2014-1444\", \"CVE-2014-1445\", \"CVE-2014-1446\");\n script_bugtraq_id(46630, 50767, 53488, 54062, 54063, 54283, 54365, 54702, 54763, 55151, 55878, 56346, 56891, 57176, 57740, 57743, 57838, 57986, 58052, 58112, 58177, 58200, 58202, 58368, 58383, 58409, 58426, 58597, 58604, 58605, 58607, 58795, 58906, 58977, 58978, 58985, 58986, 58987, 58989, 58990, 58991, 58992, 58993, 58994, 58996, 59377, 59380, 59381, 59383, 59385, 59389, 59390, 59393, 59394, 59397, 59512, 60254, 60280, 60375, 60409, 60410, 60466, 60874, 60893, 60953, 62042, 62043, 62044, 62049, 62050, 62740, 63359, 63445, 63512, 63744, 63791, 63886, 63888, 64111, 64270, 64291, 64328, 64952, 64953, 64954);\n\n script_name(english:\"SUSE SLES11 Security 
Update : kernel (SUSE-SU-2014:0287-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to\nfix a lot of security issues and non-security bugs.\n\nThe following security bugs have been fixed :\n\nCVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive\nfunction in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red\nHat Enterprise Linux (RHEL) 6 allows remote attackers to cause a\ndenial of service (system crash) via priority-tagged VLAN frames.\n(bnc#735347)\n\nCVE-2012-1601: The KVM implementation in the Linux kernel\nbefore 3.3.6 allows host OS users to cause a denial of\nservice (NULL pointer dereference and host OS crash) by\nmaking a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU\nalready exists. (bnc#754898)\n\nCVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the\nKVM subsystem in the Linux kernel before 3.2.24 allows local\nusers to cause a denial of service (crash) and possibly\nexecute arbitrary code via vectors related to Message\nSignaled Interrupts (MSI), irq routing entries, and an\nincorrect check by the setup_routing_entry function before\ninvoking the kvm_set_irq function. (bnc#767612)\n\nCVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c\nin the Reliable Datagram Sockets (RDS) protocol\nimplementation in the Linux kernel 3.7.4 and earlier allows\nlocal users to cause a denial of service (BUG_ON and kernel\npanic) by establishing an RDS connection with the source IP\naddress equal to the IPoIB interfaces own IP address, as\ndemonstrated by rds-ping. 
(bnc#767610)\n\nCVE-2012-2745: The copy_creds function in kernel/cred.c in\nthe Linux kernel before 3.3.2 provides an invalid\nreplacement session keyring to a child process, which allows\nlocal users to cause a denial of service (panic) via a\ncrafted application that uses the fork system call.\n(bnc#770695)\n\nCVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c\nin the Linux kernel before 3.2.24 does not properly handle\nELOOP errors in EPOLL_CTL_ADD operations, which allows local\nusers to cause a denial of service (file-descriptor\nconsumption and system crash) via a crafted application that\nattempts to create a circular epoll dependency. NOTE: this\nvulnerability exists because of an incorrect fix for\nCVE-2011-1083. (bnc#769896)\n\nCVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in\nthe Linux kernel before 3.2.30 allows remote attackers to\ncause a denial of service (DMA descriptor consumption and\nnetwork-controller outage) via crafted TCP packets that\ntrigger a small MSS value. (bnc#774523)\n\nCVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in\nthe Linux kernel before 3.0.44 does not initialize a certain\nstructure member, which allows local users to obtain\npotentially sensitive information from kernel stack memory\nvia a (1) recvfrom or (2) recvmsg system call on an RDS\nsocket. (bnc#773383)\n\nCVE-2012-3511: Multiple race conditions in the\nmadvise_remove function in mm/madvise.c in the Linux kernel\nbefore 3.4.5 allow local users to cause a denial of service\n(use-after-free and system crash) via vectors involving a\n(1) munmap or (2) close system call. (bnc#776885)\n\nCVE-2012-4444: The ip6_frag_queue function in\nnet/ipv6/reassembly.c in the Linux kernel before 2.6.36\nallows remote attackers to bypass intended network\nrestrictions via overlapping IPv6 fragments. 
(bnc#789831)\n\nCVE-2012-4530: The load_script function in\nfs/binfmt_script.c in the Linux kernel before 3.7.2 does not\nproperly handle recursion, which allows local users to\nobtain sensitive information from kernel stack memory via a\ncrafted application. (bnc#786013)\n\nCVE-2012-4565: The tcp_illinois_info function in\nnet/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19,\nwhen the net.ipv4.tcp_congestion_control illinois setting is\nenabled, allows local users to cause a denial of service\n(divide-by-zero error and OOPS) by reading TCP stats.\n(bnc#787576)\n\nCVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel\nbefore 3.6 does not initialize certain structures, which\nallows local users to obtain sensitive information from\nkernel memory by leveraging the CAP_NET_ADMIN capability.\n(bnc#809889)\n\nCVE-2012-6538: The copy_to_user_auth function in\nnet/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an\nincorrect C library function for copying a string, which\nallows local users to obtain sensitive information from\nkernel heap memory by leveraging the CAP_NET_ADMIN\ncapability. (bnc#809889)\n\nCVE-2012-6539: The dev_ifconf function in net/socket.c in\nthe Linux kernel before 3.6 does not initialize a certain\nstructure, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted\napplication. (bnc#809891)\n\nCVE-2012-6540: The do_ip_vs_get_ctl function in\nnet/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before\n3.6 does not initialize a certain structure for\nIP_VS_SO_GET_TIMEOUT commands, which allows local users to\nobtain sensitive information from kernel stack memory via a\ncrafted application. (bnc#809892)\n\nCVE-2012-6541: The ccid3_hc_tx_getsockopt function in\nnet/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does\nnot initialize a certain structure, which allows local users\nto obtain sensitive information from kernel stack memory via\na crafted application. 
(bnc#809893)\n\nCVE-2012-6542: The llc_ui_getname function in\nnet/llc/af_llc.c in the Linux kernel before 3.6 has an\nincorrect return value in certain circumstances, which\nallows local users to obtain sensitive information from\nkernel stack memory via a crafted application that leverages\nan uninitialized pointer argument. (bnc#809894)\n\nCVE-2012-6544: The Bluetooth protocol stack in the Linux\nkernel before 3.6 does not properly initialize certain\nstructures, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted\napplication that targets the (1) L2CAP or (2) HCI\nimplementation. (bnc#809898)\n\nCVE-2012-6545: The Bluetooth RFCOMM implementation in the\nLinux kernel before 3.6 does not properly initialize certain\nstructures, which allows local users to obtain sensitive\ninformation from kernel memory via a crafted application.\n(bnc#809899)\n\nCVE-2012-6546: The ATM implementation in the Linux kernel\nbefore 3.6 does not initialize certain structures, which\nallows local users to obtain sensitive information from\nkernel stack memory via a crafted application. (bnc#809900)\n\nCVE-2012-6547: The __tun_chr_ioctl function in\ndrivers/net/tun.c in the Linux kernel before 3.6 does not\ninitialize a certain structure, which allows local users to\nobtain sensitive information from kernel stack memory via a\ncrafted application. (bnc#809901)\n\nCVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c\nin the Linux kernel before 3.6 does not initialize a certain\nstructure member, which allows local users to obtain\nsensitive information from kernel heap memory via a crafted\napplication. (bnc#809902)\n\nCVE-2012-6549: The isofs_export_encode_fh function in\nfs/isofs/export.c in the Linux kernel before 3.6 does not\ninitialize a certain structure member, which allows local\nusers to obtain sensitive information from kernel heap\nmemory via a crafted application. 
(bnc#809903)\n\nCVE-2013-0160: The Linux kernel through 3.7.9 allows local\nusers to obtain sensitive information about keystroke timing\nby using the inotify API on the /dev/ptmx device.\n(bnc#797175)\n\nCVE-2013-0216: The Xen netback functionality in the Linux\nkernel before 3.7.8 allows guest OS users to cause a denial\nof service (loop) by triggering ring pointer corruption.\n(bnc#800280)(XSA-39)\n\nCVE-2013-0231: The pciback_enable_msi function in the PCI\nbackend driver\n(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for\nthe Linux kernel 2.6.18 and 3.8 allows guest OS users with\nPCI device access to cause a denial of service via a large\nnumber of kernel log messages. NOTE: some of these details\nare obtained from third-party information.\n(bnc#801178)(XSA-43)\n\nCVE-2013-0268: The msr_open function in\narch/x86/kernel/msr.c in the Linux kernel before 3.7.6\nallows local users to bypass intended capability\nrestrictions by executing a crafted application as root, as\ndemonstrated by msr32.c. (bnc#802642)\n\nCVE-2013-0310: The cipso_v4_validate function in\nnet/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8\nallows local users to cause a denial of service (NULL\npointer dereference and system crash) or possibly have\nunspecified other impact via an IPOPT_CIPSO IP_OPTIONS\nsetsockopt system call. (bnc#804653)\n\nCVE-2013-0343: The ipv6_create_tempaddr function in\nnet/ipv6/addrconf.c in the Linux kernel through 3.8 does not\nproperly handle problems with the generation of IPv6\ntemporary addresses, which allows remote attackers to cause\na denial of service (excessive retries and\naddress-generation outage), and consequently obtain\nsensitive information, via ICMPv6 Router Advertisement (RA)\nmessages. 
(bnc#805226)\n\nCVE-2013-0349: The hidp_setup_hid function in\nnet/bluetooth/hidp/core.c in the Linux kernel before 3.7.6\ndoes not properly copy a certain name field, which allows\nlocal users to obtain sensitive information from kernel\nmemory by setting a long name and making an HIDPCONNADD\nioctl call. (bnc#805227)\n\nCVE-2013-0871: Race condition in the ptrace functionality in\nthe Linux kernel before 3.7.5 allows local users to gain\nprivileges via a PTRACE_SETREGS ptrace system call in a\ncrafted application, as demonstrated by ptrace_death.\n(bnc#804154)\n\nCVE-2013-0914: The flush_signal_handlers function in\nkernel/signal.c in the Linux kernel before 3.8.4 preserves\nthe value of the sa_restorer field across an exec operation,\nwhich makes it easier for local users to bypass the ASLR\nprotection mechanism via a crafted application containing a\nsigaction system call. (bnc#808827)\n\nCVE-2013-1767: Use-after-free vulnerability in the\nshmem_remount_fs function in mm/shmem.c in the Linux kernel\nbefore 3.7.10 allows local users to gain privileges or cause\na denial of service (system crash) by remounting a tmpfs\nfilesystem without specifying a required mpol (aka\nmempolicy) mount option. (bnc#806138)\n\nCVE-2013-1773: Buffer overflow in the VFAT filesystem\nimplementation in the Linux kernel before 3.3 allows local\nusers to gain privileges or cause a denial of service\n(system crash) via a VFAT write operation on a filesystem\nwith the utf8 mount option, which is not properly handled\nduring UTF-8 to UTF-16 conversion. (bnc#806977)\n\nCVE-2013-1774: The chase_port function in\ndrivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4\nallows local users to cause a denial of service (NULL\npointer dereference and system crash) via an attempted\n/dev/ttyUSB read or write operation on a disconnected\nEdgeport USB serial converter. 
(bnc#806976)\n\nCVE-2013-1792: Race condition in the install_user_keyrings\nfunction in security/keys/process_keys.c in the Linux kernel\nbefore 3.8.3 allows local users to cause a denial of service\n(NULL pointer dereference and system crash) via crafted\nkeyctl system calls that trigger keyring operations in\nsimultaneous threads. (bnc#808358)\n\nCVE-2013-1796: The kvm_set_msr_common function in\narch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does\nnot ensure a required time_page alignment during an\nMSR_KVM_SYSTEM_TIME operation, which allows guest OS users\nto cause a denial of service (buffer overflow and host OS\nmemory corruption) or possibly have unspecified other impact\nvia a crafted application. (bnc#806980)\n\nCVE-2013-1797: Use-after-free vulnerability in\narch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows\nguest OS users to cause a denial of service (host OS memory\ncorruption) or possibly have unspecified other impact via a\ncrafted application that triggers use of a guest physical\naddress (GPA) in (1) movable or (2) removable memory during\nan MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.\n(bnc#806980)\n\nCVE-2013-1798: The ioapic_read_indirect function in\nvirt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not\nproperly handle a certain combination of invalid\nIOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which\nallows guest OS users to obtain sensitive information from\nhost OS memory or cause a denial of service (host OS OOPS)\nvia a crafted application. 
(bnc#806980)\n\nCVE-2013-1827: net/dccp/ccid.h in the Linux kernel before\n3.5.4 allows local users to gain privileges or cause a\ndenial of service (NULL pointer dereference and system\ncrash) by leveraging the CAP_NET_ADMIN capability for a\ncertain (1) sender or (2) receiver getsockopt call.\n(bnc#811354)\n\nCVE-2013-1928: The do_video_set_spu_palette function in\nfs/compat_ioctl.c in the Linux kernel before 3.6.5 on\nunspecified architectures lacks a certain error check, which\nmight allow local users to obtain sensitive information from\nkernel stack memory via a crafted VIDEO_SET_SPU_PALETTE\nioctl call on a /dev/dvb device. (bnc#813735)\n\nCVE-2013-1943: The KVM subsystem in the Linux kernel before\n3.0 does not check whether kernel addresses are specified\nduring allocation of memory slots for use in a guests\nphysical address space, which allows local users to gain\nprivileges or obtain sensitive information from kernel\nmemory via a crafted application, related to\narch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.\n(bnc#828012)\n\nCVE-2013-2015: The ext4_orphan_del function in\nfs/ext4/namei.c in the Linux kernel before 3.7.3 does not\nproperly handle orphan-list entries for non-journal\nfilesystems, which allows physically proximate attackers to\ncause a denial of service (system hang) via a crafted\nfilesystem on removable media, as demonstrated by the\ne2fsprogs tests/f_orphan_extents_inode/image.gz test.\n(bnc#817377)\n\nCVE-2013-2141: The do_tkill function in kernel/signal.c in\nthe Linux kernel before 3.8.9 does not initialize a certain\ndata structure, which allows local users to obtain sensitive\ninformation from kernel memory via a crafted application\nthat makes a (1) tkill or (2) tgkill system call.\n(bnc#823267)\n\nCVE-2013-2147: The HP Smart Array controller disk-array\ndriver and Compaq SMART2 controller disk-array driver in the\nLinux kernel through 3.9.4 do not initialize certain data\nstructures, which allows local users to obtain 
sensitive\ninformation from kernel memory via (1) a crafted\nIDAGETPCIINFO command for a /dev/ida device, related to the\nida_locked_ioctl function in drivers/block/cpqarray.c or (2)\na crafted CCISS_PASSTHRU32 command for a /dev/cciss device,\nrelated to the cciss_ioctl32_passthru function in\ndrivers/block/cciss.c. (bnc#823260)\n\nCVE-2013-2164: The mmc_ioctl_cdrom_read_data function in\ndrivers/cdrom/cdrom.c in the Linux kernel through 3.10\nallows local users to obtain sensitive information from\nkernel memory via a read operation on a malfunctioning\nCD-ROM drive. (bnc#824295)\n\nCVE-2013-2232: The ip6_sk_dst_check function in\nnet/ipv6/ip6_output.c in the Linux kernel before 3.10 allows\nlocal users to cause a denial of service (system crash) by\nusing an AF_INET6 socket for a connection to an IPv4\ninterface. (bnc#827750)\n\nCVE-2013-2234: The (1) key_notify_sa_flush and (2)\nkey_notify_policy_flush functions in net/key/af_key.c in the\nLinux kernel before 3.10 do not initialize certain structure\nmembers, which allows local users to obtain sensitive\ninformation from kernel heap memory by reading a broadcast\nmessage from the notify interface of an IPSec key_socket.\n(bnc#827749)\n\nCVE-2013-2237: The key_notify_policy_flush function in\nnet/key/af_key.c in the Linux kernel before 3.9 does not\ninitialize a certain structure member, which allows local\nusers to obtain sensitive information from kernel heap\nmemory by reading a broadcast message from the notify_policy\ninterface of an IPSec key_socket. (bnc#828119)\n\nCVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before\n3.8.4 does not initialize certain structures, which allows\nlocal users to obtain sensitive information from kernel\nstack memory via a crafted application. 
(bnc#810473)\n\nCVE-2013-2851: Format string vulnerability in the\nregister_disk function in block/genhd.c in the Linux kernel\nthrough 3.9.4 allows local users to gain privileges by\nleveraging root access and writing format string specifiers\nto /sys/module/md_mod/parameters/new_array in order to\ncreate a crafted /dev/md device name. (bnc#822575)\n\nCVE-2013-2852: Format string vulnerability in the\nb43_request_firmware function in\ndrivers/net/wireless/b43/main.c in the Broadcom B43 wireless\ndriver in the Linux kernel through 3.9.4 allows local users\nto gain privileges by leveraging root access and including\nformat string specifiers in an fwpostfix modprobe parameter,\nleading to improper construction of an error message.\n(bnc#822579)\n\nCVE-2013-2888: Multiple array index errors in\ndrivers/hid/hid-core.c in the Human Interface Device (HID)\nsubsystem in the Linux kernel through 3.11 allow physically\nproximate attackers to execute arbitrary code or cause a\ndenial of service (heap memory corruption) via a crafted\ndevice that provides an invalid Report ID. (bnc#835839)\n\nCVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface\nDevice (HID) subsystem in the Linux kernel through 3.11,\nwhen CONFIG_HID_ZEROPLUS is enabled, allows physically\nproximate attackers to cause a denial of service (heap-based\nout-of-bounds write) via a crafted device. (bnc#835839)\n\nCVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface\nDevice (HID) subsystem in the Linux kernel through 3.11,\nwhen CONFIG_HID_PANTHERLORD is enabled, allows physically\nproximate attackers to cause a denial of service (heap-based\nout-of-bounds write) via a crafted device. 
(bnc#835839)\n\nCVE-2013-2893: The Human Interface Device (HID) subsystem in\nthe Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\nCONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,\nallows physically proximate attackers to cause a denial of\nservice (heap-based out-of-bounds write) via a crafted\ndevice, related to (1) drivers/hid/hid-lgff.c, (2)\ndrivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.\n(bnc#835839)\n\nCVE-2013-2897: Multiple array index errors in\ndrivers/hid/hid-multitouch.c in the Human Interface Device\n(HID) subsystem in the Linux kernel through 3.11, when\nCONFIG_HID_MULTITOUCH is enabled, allow physically proximate\nattackers to cause a denial of service (heap memory\ncorruption, or NULL pointer dereference and OOPS) via a\ncrafted device. (bnc#835839)\n\nCVE-2013-2929: The Linux kernel before 3.12.2 does not\nproperly use the get_dumpable function, which allows local\nusers to bypass intended ptrace restrictions or obtain\nsensitive information from IA64 scratch registers via a\ncrafted application, related to kernel/ptrace.c and\narch/ia64/include/asm/processor.h. (bnc#847652)\n\nCVE-2013-3222: The vcc_recvmsg function in net/atm/common.c\nin the Linux kernel before 3.9-rc7 does not initialize a\ncertain length variable, which allows local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call. 
(bnc#816668)\n\nCVE-2013-3223: The ax25_recvmsg function in\nnet/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does\nnot initialize a certain data structure, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3224: The bt_sock_recvmsg function in\nnet/bluetooth/af_bluetooth.c in the Linux kernel before\n3.9-rc7 does not properly initialize a certain length\nvariable, which allows local users to obtain sensitive\ninformation from kernel stack memory via a crafted recvmsg\nor recvfrom system call. (bnc#816668)\n\nCVE-2013-3225: The rfcomm_sock_recvmsg function in\nnet/bluetooth/rfcomm/sock.c in the Linux kernel before\n3.9-rc7 does not initialize a certain length variable, which\nallows local users to obtain sensitive information from\nkernel stack memory via a crafted recvmsg or recvfrom system\ncall. (bnc#816668)\n\nCVE-2013-3228: The irda_recvmsg_dgram function in\nnet/irda/af_irda.c in the Linux kernel before 3.9-rc7 does\nnot initialize a certain length variable, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3229: The iucv_sock_recvmsg function in\nnet/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does\nnot initialize a certain length variable, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3231: The llc_ui_recvmsg function in\nnet/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not\ninitialize a certain length variable, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3232: The nr_recvmsg function in\nnet/netrom/af_netrom.c in the Linux kernel before 3.9-rc7\ndoes not initialize a certain data structure, which 
allows\nlocal users to obtain sensitive information from kernel\nstack memory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3234: The rose_recvmsg function in\nnet/rose/af_rose.c in the Linux kernel before 3.9-rc7 does\nnot initialize a certain data structure, which allows local\nusers to obtain sensitive information from kernel stack\nmemory via a crafted recvmsg or recvfrom system call.\n(bnc#816668)\n\nCVE-2013-3235: net/tipc/socket.c in the Linux kernel before\n3.9-rc7 does not initialize a certain data structure and a\ncertain length variable, which allows local users to obtain\nsensitive information from kernel stack memory via a crafted\nrecvmsg or recvfrom system call. (bnc#816668)\n\nCVE-2013-4345: Off-by-one error in the get_prng_bytes\nfunction in crypto/ansi_cprng.c in the Linux kernel through\n3.11.4 makes it easier for context-dependent attackers to\ndefeat cryptographic protection mechanisms via multiple\nrequests for small amounts of data, leading to improper\nmanagement of the state of the consumed data. (bnc#840226)\n\nCVE-2013-4470: The Linux kernel before 3.12, when UDP\nFragmentation Offload (UFO) is enabled, does not properly\ninitialize certain data structures, which allows local users\nto cause a denial of service (memory corruption and system\ncrash) or possibly gain privileges via a crafted application\nthat uses the UDP_CORK option in a setsockopt system call\nand sends both short and long packets, related to the\nip_ufo_append_data function in net/ipv4/ip_output.c and the\nip6_ufo_append_data function in net/ipv6/ip6_output.c.\n(bnc#847672)\n\nCVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in\nthe Linux kernel before 3.10 does not properly manage a\nreference count, which allows local users to cause a denial\nof service (memory consumption or system crash) via a\ncrafted application. 
(bnc#848321)\n\nCVE-2013-4511: Multiple integer overflows in Alchemy LCD\nframe-buffer drivers in the Linux kernel before 3.12 allow\nlocal users to create a read-write memory mapping for the\nentirety of kernel memory, and consequently gain privileges,\nvia crafted mmap operations, related to the (1)\nau1100fb_fb_mmap function in drivers/video/au1100fb.c and\nthe (2) au1200fb_fb_mmap function in\ndrivers/video/au1200fb.c. (bnc#849021)\n\nCVE-2013-4587: Array index error in the\nkvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in\nthe KVM subsystem in the Linux kernel through 3.12.5 allows\nlocal users to gain privileges via a large id value.\n(bnc#853050)\n\nCVE-2013-4588: Multiple stack-based buffer overflows in\nnet/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before\n2.6.33, when CONFIG_IP_VS is used, allow local users to gain\nprivileges by leveraging the CAP_NET_ADMIN capability for\n(1) a getsockopt system call, related to the\ndo_ip_vs_get_ctl function, or (2) a setsockopt system call,\nrelated to the do_ip_vs_set_ctl function. (bnc#851095)\n\nCVE-2013-4591: Buffer overflow in the\n__nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the\nLinux kernel before 3.7.2 allows local users to cause a\ndenial of service (memory corruption and system crash) or\npossibly have unspecified other impact via a getxattr system\ncall for the system.nfs4_acl extended attribute of a\npathname on an NFSv4 filesystem. (bnc#851103)\n\nCVE-2013-6367: The apic_get_tmcct function in\narch/x86/kvm/lapic.c in the KVM subsystem in the Linux\nkernel through 3.12.5 allows guest OS users to cause a\ndenial of service (divide-by-zero error and host OS crash)\nvia crafted modifications of the TMICT value. (bnc#853051)\n\nCVE-2013-6368: The KVM subsystem in the Linux kernel through\n3.12.5 allows local users to gain privileges or cause a\ndenial of service (system crash) via a VAPIC synchronization\noperation involving a page-end address. 
(bnc#853052)\n\nCVE-2013-6378: The lbs_debugfs_write function in\ndrivers/net/wireless/libertas/debugfs.c in the Linux kernel\nthrough 3.12.1 allows local users to cause a denial of\nservice (OOPS) by leveraging root privileges for a\nzero-length write operation. (bnc#852559)\n\nCVE-2013-6383: The aac_compat_ioctl function in\ndrivers/scsi/aacraid/linit.c in the Linux kernel before\n3.11.8 does not require the CAP_SYS_RAWIO capability, which\nallows local users to bypass intended access restrictions\nvia a crafted ioctl call. (bnc#852558)\n\nCVE-2014-1444: The fst_get_iface function in\ndrivers/net/wan/farsync.c in the Linux kernel before 3.11.7\ndoes not properly initialize a certain data structure, which\nallows local users to obtain sensitive information from\nkernel memory by leveraging the CAP_NET_ADMIN capability for\nan SIOCWANDEV ioctl call. (bnc#858869)\n\nCVE-2014-1445: The wanxl_ioctl function in\ndrivers/net/wan/wanxl.c in the Linux kernel before 3.11.7\ndoes not properly initialize a certain data structure, which\nallows local users to obtain sensitive information from\nkernel memory via an ioctl call. (bnc#858870)\n\nCVE-2014-1446: The yam_ioctl function in\ndrivers/net/hamradio/yam.c in the Linux kernel before 3.12.8\ndoes not initialize a certain structure member, which allows\nlocal users to obtain sensitive information from kernel\nmemory by leveraging the CAP_NET_ADMIN capability for an\nSIOCYAMGCFG ioctl call. (bnc#858872)\n\nAlso the following non-security bugs have been fixed :\n\n - x86: Clear HPET configuration registers on startup\n (bnc#748896).\n\n - sched: fix divide by zero in task_utime() (bnc#761774).\n\n - sched: Fix pick_next_highest_task_rt() for cgroups\n (bnc#760596).\n\n - mm: hugetlbfs: Close race during teardown of hugetlbfs\n shared page tables.\n\n - mm: hugetlbfs: Correctly detect if page tables have just\n been shared. 
(Fix bad PMD message displayed while using\n hugetlbfs (bnc#762366)).\n\n - cpumask: Partition_sched_domains takes array of\n cpumask_var_t (bnc#812364).\n\n - cpumask: Simplify sched_rt.c (bnc#812364).\n\n - kabi: protect bind_conflict callback in struct\n inet_connection_sock_af_ops (bnc#823618).\n\n - memcg: fix init_section_page_cgroup pfn alignment\n (bnc#835481).\n\n - tty: fix up atime/mtime mess, take three (bnc#797175).\n\n - tty: fix atime/mtime regression (bnc#815745).\n\n - ptrace: ptrace_resume() should not wake up !TASK_TRACED\n thread (bnc#804154).\n\n - kbuild: Fix gcc -x syntax (bnc#773831).\n\n - ftrace: Disable function tracing during suspend/resume\n and hibernation, again (bnc#768668). proc: fix\n pagemap_read() error case (bnc#787573).\n\n net: Upgrade device features irrespective of mask\n (bnc#715250).\n\n - tcp: bind() fix autoselection to share ports\n (bnc#823618).\n\n - tcp: bind() use stronger condition for bind_conflict\n (bnc#823618).\n\n - tcp: ipv6: bind() use stronger condition for\n bind_conflict (bnc#823618).\n\n - netfilter: use RCU safe kfree for conntrack extensions\n (bnc#827416).\n\n - netfilter: prevent race condition breaking net reference\n counting (bnc#835094).\n\n - netfilter: send ICMPv6 message on fragment reassembly\n timeout (bnc#773577).\n\n - netfilter: fix sending ICMPv6 on netfilter reassembly\n timeout (bnc#773577).\n\n - tcp_cubic: limit delayed_ack ratio to prevent divide\n error (bnc#810045). 
bonding: in balance-rr mode, set\n curr_active_slave only if it is up (bnc#789648).\n\n scsi: Add 'eh_deadline' to limit SCSI EH runtime\n (bnc#798050).\n\n - scsi: Allow error handling timeout to be specified\n (bnc#798050).\n\n - scsi: Fixup compilation warning (bnc#798050).\n\n - scsi: Retry failfast commands after EH (bnc#798050).\n\n - scsi: Warn on invalid command completion (bnc#798050).\n\n - scsi: Always retry internal target error (bnc#745640,\n bnc#825227).\n\n - scsi: kABI fixes (bnc#798050).\n\n - scsi: remove check for 'resetting' (bnc#798050).\n\n - scsi: Eliminate error handler overload of the SCSI\n serial number (bnc#798050).\n\n - scsi: Reduce error recovery time by reducing use of TURs\n (bnc#798050).\n\n - scsi: Reduce sequential pointer derefs in scsi_error.c\n and reduce size as well (bnc#798050).\n\n - scsi: cleanup setting task state in scsi_error_handler()\n (bnc#798050).\n\n - scsi: fix eh wakeup (scsi_schedule_eh vs\n scsi_restart_operations) (bnc#798050). scsi: fix id\n computation in scsi_eh_target_reset() (bnc#798050).\n\n advansys: Remove 'last_reset' references (bnc#798050).\n\n - dc395: Move 'last_reset' into internal host structure\n (bnc#798050).\n\n - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).\n\n - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset\n (bnc#798050).\n\n - fc class: fix scanning when devs are offline\n (bnc#798050). tmscsim: Move 'last_reset' into host\n structure (bnc#798050).\n\n st: Store page order before driver buffer allocation\n (bnc#769644).\n\n - st: Increase success probability in driver buffer\n allocation (bnc#769644). st: work around broken\n __bio_add_page logic (bnc#769644).\n\n avoid race by ignoring flush_time in cache_check\n (bnc#814363).\n\n writeback: remove the internal 5% low bound on\n dirty_ratio\n\n - writeback: skip balance_dirty_pages() for in-memory fs\n (Do not dirty throttle ram-based filesystems\n (bnc#840858)). 
writeback: Do not sync data dirtied after\n sync start (bnc#833820).\n\n blkdev_max_block: make private to fs/buffer.c\n (bnc#820338).\n\n - vfs: avoid 'attempt to access beyond end of device'\n warnings (bnc#820338). vfs: fix O_DIRECT read past end\n of block device (bnc#820338).\n\n lib/radix-tree.c: make radix_tree_node_alloc() work\n correctly within interrupt (bnc#763463).\n\n xfs: allow writeback from kswapd (bnc#826707).\n\n - xfs: skip writeback from reclaim context (bnc#826707).\n\n - xfs: Serialize file-extending direct IO (bnc#818371).\n\n - xfs: Avoid pathological backwards allocation\n (bnc#805945). xfs: fix inode lookup race (bnc#763463).\n\n cifs: clarify the meaning of tcpStatus == CifsGood\n (bnc#776024).\n\n cifs: do not allow cifs_reconnect to exit with NULL\n socket pointer (bnc#776024).\n\n ocfs2: Add a missing journal credit in\n ocfs2_link_credits() -v2 (bnc#773320).\n\n usb: Fix deadlock in hid_reset when Dell iDRAC is reset\n (bnc#814716).\n\n usb: xhci: Fix command completion after a drop endpoint\n (bnc#807320).\n\n netiucv: Hold rtnl between name allocation and device\n registration (bnc#824159).\n\n rwsem: Test for no active locks in __rwsem_do_wake undo\n code (bnc#813276).\n\n nfs: NFSv3/v2: Fix data corruption with NFS short reads\n (bnc#818337).\n\n - nfs: Allow sec=none mounts in certain cases\n (bnc#795354).\n\n - nfs: Make nfsiod a multi-thread queue (bnc#815352).\n\n - nfs: increase number of permitted callback connections\n (bnc#771706).\n\n - nfs: Fix Oops in nfs_lookup_revalidate (bnc#780008).\n\n - nfs: do not allow TASK_KILLABLE sleeps to block the\n freezer (bnc#775182). 
nfs: Avoid race in d_splice_alias\n and vfs_rmdir (bnc#845028).\n\n svcrpc: take lock on turning entry NEGATIVE in\n cache_check (bnc#803320).\n\n - svcrpc: ensure cache_check caller sees updated entry\n (bnc#803320).\n\n - sunrpc/cache: remove races with queuing an upcall\n (bnc#803320).\n\n - sunrpc/cache: use cache_fresh_unlocked consistently and\n correctly (bnc#803320).\n\n - sunrpc/cache: ensure items removed from cache do not\n have pending upcalls (bnc#803320).\n\n - sunrpc/cache: do not schedule update on cache item that\n has been replaced (bnc#803320). sunrpc/cache: fix test\n in try_to_negate (bnc#803320).\n\n xenbus: fix overflow check in xenbus_dev_write().\n\n - x86: do not corrupt %eip when returning from a signal\n handler.\n\n - scsiback/usbback: move cond_resched() invocations to\n proper place. netback: fix netbk_count_requests().\n\n dm: add dm_deleting_md function (bnc#785016).\n\n - dm: bind new table before destroying old (bnc#785016).\n\n - dm: keep old table until after resume succeeded\n (bnc#785016). dm: rename dm_get_table to\n dm_get_live_table (bnc#785016).\n\n drm/edid: Fix up partially corrupted headers\n (bnc#780004).\n\n drm/edid: Retry EDID fetch up to four times\n (bnc#780004).\n\n i2c-algo-bit: Fix spurious SCL timeouts under heavy load\n (bnc#780004).\n\n hpilo: remove pci_disable_device (bnc#752544).\n\n mptsas: handle 'Initializing Command Required' ASCQ\n (bnc#782178).\n\n mpt2sas: Fix race on shutdown (bnc#856917).\n\n ipmi: decrease the IPMI message transaction time in\n interrupt mode (bnc#763654).\n\n - ipmi: simplify locking (bnc#763654). 
ipmi: use a tasklet\n for handling received messages (bnc#763654).\n\n bnx2x: bug fix when loading after SAN boot (bnc#714906).\n\n bnx2x: previous driver unload revised (bnc#714906).\n\n ixgbe: Address fact that RSC was not setting GSO size\n for incoming frames (bnc#776144).\n\n ixgbe: pull PSRTYPE configuration into a separate\n function (bnc#780572 bnc#773640 bnc#776144).\n\n e1000e: clear REQ and GNT in EECD (82571 && 82572)\n (bnc#762099).\n\n hpsa: do not attempt to read from a write-only register\n (bnc#777473).\n\n aio: Fixup kABI for the aio-implement-request-batching\n patch (bnc#772849).\n\n - aio: bump i_count instead of using igrab (bnc#772849).\n aio: implement request batching (bnc#772849).\n\n Driver core: Do not remove kobjects in device_shutdown\n (bnc#771992).\n\n resources: fix call to alignf() in allocate_resource()\n (bnc#744955).\n\n - resources: when allocate_resource() fails, leave\n resource untouched (bnc#744955).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.novell.com/patch/finder/?keywords=36a4c03a7a6e23326bdc75867718c3f5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?499ef588\"\n );\n # http://download.novell.com/patch/finder/?keywords=78a90ce26186ad3c08d3168f7c56498f\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6524481b\"\n );\n # http://download.novell.com/patch/finder/?keywords=92db776383896ad395b93d570e1b0440\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3b1d361\"\n );\n # http://download.novell.com/patch/finder/?keywords=c00b87e84b1ec845f992a53432644809\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3327c148\"\n );\n # http://download.novell.com/patch/finder/?keywords=cebd648c35a6ff05d60a592debc063f7\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?85cb8767\"\n );\n # http://download.novell.com/patch/finder/?keywords=f67e971841459d6799882fcccab88393\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7458efe4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3593.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1601.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2137.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2745.html\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3375.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3412.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3430.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3511.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4530.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4565.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6539.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6540.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6542.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6544.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6545.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6546.html\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6548.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6549.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0231.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0268.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0310.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0914.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1767.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1773.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1792.html\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1796.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1798.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1827.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1928.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1943.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2147.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2237.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2634.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2852.html\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2888.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2889.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2897.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2929.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3222.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3223.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3224.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3225.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3228.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3229.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3231.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3234.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3235.html\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4483.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4511.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4587.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4588.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4591.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6367.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6368.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6378.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6383.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/714906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/715250\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/735347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/744955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/745640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/748896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/752544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/754898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/760596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/761774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/762099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/762366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/763463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/763654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/767610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/767612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/768668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/769644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/769896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/770695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/771706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/771992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/772849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/773831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/774523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/775182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/776024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/776144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/776885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/777473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/780004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/780008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/780572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/782178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/785016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/786013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/787573\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/787576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/789648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/789831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/795354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/797175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/798050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/800280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/801178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/802642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/803320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/804154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/804653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/805945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/806138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/806976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/806977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/806980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/807320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/808358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/808827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/809903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/810045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/810473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/811354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/812364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/813735\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/814363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/814716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/815352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/815745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/816668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/817377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/818337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/818371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/820338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/822575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/822579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/823260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/823267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/823618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/824159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/824295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/825227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/826707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/827416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/827749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/827750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/828012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/828119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/833820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/835094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/835481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/835839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/840226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/840858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/845028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/847652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/847672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/848321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/849021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/851095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/851103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/852558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/852559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/853050\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/853051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/853052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/856917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/858869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/858870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/858872\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140287-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c7c0d67\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-kernel-8847 slessp1-kernel-8848\nslessp1-kernel-8849\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:btrfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:btrfs-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:btrfs-kmp-xen\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ext4dev-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:hyper-v-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:hyper-v-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:hyper-v-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^1$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", 
cpu:\"x86_64\", reference:\"ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"btrfs-kmp-default-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"ext4dev-kmp-default-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"ext4dev-kmp-trace-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-default-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-source-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-syms-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"kernel-trace-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", 
reference:\"ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-ec2-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.59-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.59-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", 
"cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:55:05", "description": "The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2\nprovides an invalid replacement session keyring to a child process, which\nallows local users to cause a denial of service (panic) via a crafted\napplication that uses the fork system call.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/1023535>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | linux-armadaxp is maintained by OEM\n", "cvss3": {}, "published": "2012-08-09T00:00:00", "type": "ubuntucve", "title": "CVE-2012-2745", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2745"], "modified": "2012-08-09T00:00:00", "id": "UB:CVE-2012-2745", "href": "https://ubuntu.com/security/CVE-2012-2745", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-19T18:40:21", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()\nfunction in the Linux kernel's netfilter IPv6 connection tracking\nimplementation. 
A remote attacker could use this flaw to send\nspecially-crafted packets to a target system that is using IPv6 and also\nhas the nf_conntrack_ipv6 kernel module loaded, causing it to crash.\n(CVE-2012-2744, Important)\n\n* A flaw was found in the way the Linux kernel's key management facility\nhandled replacement session keyrings on process forks. A local,\nunprivileged user could use this flaw to cause a denial of service.\n(CVE-2012-2745, Moderate)\n\nRed Hat would like to thank an anonymous contributor working with the\nBeyond Security SecuriTeam Secure Disclosure program for reporting\nCVE-2012-2744.\n\nThis update also fixes the following bugs:\n\n* Previously introduced firmware files required for new Realtek chipsets\ncontained an invalid prefix (\"rtl_nic_\") in the file names, for example\n\"/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw\". This update corrects these\nfile names. For example, the aforementioned file is now correctly named\n\"/lib/firmware/rtl_nic/rtl8168d-1.fw\". (BZ#832359)\n\n* This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk\ndevice. This is due to data corruption occurring on the said device when\nthe Ultra-DMA 66 transfer mode is used. When the\n\"libata.force=5:pio0,6:pio0\" kernel parameter is set, the aforementioned\ndevice works as expected. (BZ#832363)\n\n* On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows 2012\nserver failed due to the fact that the Windows server contains support for\nthe minor version 1 (v4.1) of the NFS version 4 protocol only, along with\nsupport for versions 2 and 3. The lack of the minor version 0 (v4.0)\nsupport caused Red Hat Enterprise Linux 6 clients to fail instead of\nrolling back to version 3 as expected. This update fixes this bug and\nmounting an NFS export works as expected. 
(BZ#832365)\n\n* On ext4 file systems, when fallocate() failed to allocate blocks due to\nthe ENOSPC condition (no space left on device) for a file larger than 4 GB,\nthe size of the file became corrupted and, consequently, caused file system\ncorruption. This was due to a missing cast operator in the\n\"ext4_fallocate()\" function. With this update, the underlying source code\nhas been modified to address this issue, and file system corruption no\nlonger occurs. (BZ#833034)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "cvss3": {}, "published": "2012-07-10T00:00:00", "type": "redhat", "title": "(RHSA-2012:1064) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2744", "CVE-2012-2745"], "modified": "2018-06-06T16:24:16", "id": "RHSA-2012:1064", "href": "https://access.redhat.com/errata/RHSA-2012:1064", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:58", "description": "[2.6.32-279.1.1.el6]\n- [kernel] Prevent keyctl new_session from causing a panic (David Howells) [833433 827424] {CVE-2012-2745}\n- [net] ipv6/netfilter: fix null pointer dereference in nf_ct_frag6_reasm() (Petr Matousek) [833410 833412] {CVE-2012-2744}\n- [fs] nfs: Map minor mismatch error to protocol not support error (Steve Dickson) [832365 796352]\n- [fs] ext4: Fix overflow caused by missing cast 
in ext4_fallocate() (Lukas Czerner) [833034 830209]\n- [ata] libata: Add 2GB ATA Flash Disk/ADMA428M to DMA blacklist (Prarit Bhargava) [832363 812904]\n- [netdrv] r8169: fix typo in firmware filenames (Ivan Vecera) [832359 829211]", "cvss3": {}, "published": "2012-07-10T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2745", "CVE-2012-2744"], "modified": "2012-07-10T00:00:00", "id": "ELSA-2012-1064", "href": "http://linux.oracle.com/errata/ELSA-2012-1064.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "description": "[2.6.39-200.29.2]\r\n- epoll: clear the tfile_check_list on -ELOOP (Joe Jin) {CVE-2012-3375}\r\n- Don't limit non-nested epoll paths (Jason Baron)\r\n- epoll: kabi fixups for epoll limit wakeup paths (Joe Jin) {CVE-2011-1083}\r\n- epoll: limit paths (Jason Baron) {CVE-2011-1083}\r\n- cred: copy_process() should clear child->replacement_session_keyring (Oleg\r\n Nesterov) {CVE-2012-2745}", "cvss3": {}, "published": "2012-07-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel Security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-1083", "CVE-2012-2745", "CVE-2012-3375"], "modified": "2012-07-16T00:00:00", "id": "ELSA-2012-2025", "href": "http://linux.oracle.com/errata/ELSA-2012-2025.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:31", "description": "[2.6.32-300.29.2]\n- epoll: epoll_wait() should not use timespec_add_ns() (Eric Dumazet)\n- epoll: clear the tfile_check_list on -ELOOP (Joe Jin) {CVE-2012-3375}\n- Don't limit non-nested epoll paths (Jason Baron)\n- epoll: kabi fixups for epoll limit wakeup paths (Joe Jin) {CVE-2011-1083}\n- epoll: limit paths (Jason Baron) {CVE-2011-1083}\n- eventpoll: fix comment typo 'evenpoll' (Paul Bolle)\n- epoll: fix compiler warning and optimize the non-blocking 
path (Shawn Bohrer)\n- epoll: move ready event check into proper inline (Davide Libenzi)\n- epoll: make epoll_wait() use the hrtimer range feature (Shawn Bohrer)\n- select: rename estimate_accuracy() to select_estimate_accuracy() (Andrew Morton)\n- cred: copy_process() should clear child->replacement_session_keyring (Oleg\n Nesterov) {CVE-2012-2745}", "cvss3": {}, "published": "2012-07-17T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel Security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-1083", "CVE-2012-2745", "CVE-2012-3375"], "modified": "2012-07-17T00:00:00", "id": "ELSA-2012-2026", "href": "http://linux.oracle.com/errata/ELSA-2012-2026.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:55:31", "description": "**CentOS Errata and Security Advisory** CESA-2012:1064\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()\nfunction in the Linux kernel's netfilter IPv6 connection tracking\nimplementation. A remote attacker could use this flaw to send\nspecially-crafted packets to a target system that is using IPv6 and also\nhas the nf_conntrack_ipv6 kernel module loaded, causing it to crash.\n(CVE-2012-2744, Important)\n\n* A flaw was found in the way the Linux kernel's key management facility\nhandled replacement session keyrings on process forks. 
A local,\nunprivileged user could use this flaw to cause a denial of service.\n(CVE-2012-2745, Moderate)\n\nRed Hat would like to thank an anonymous contributor working with the\nBeyond Security SecuriTeam Secure Disclosure program for reporting\nCVE-2012-2744.\n\nThis update also fixes the following bugs:\n\n* Previously introduced firmware files required for new Realtek chipsets\ncontained an invalid prefix (\"rtl_nic_\") in the file names, for example\n\"/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw\". This update corrects these\nfile names. For example, the aforementioned file is now correctly named\n\"/lib/firmware/rtl_nic/rtl8168d-1.fw\". (BZ#832359)\n\n* This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk\ndevice. This is due to data corruption occurring on the said device when\nthe Ultra-DMA 66 transfer mode is used. When the\n\"libata.force=5:pio0,6:pio0\" kernel parameter is set, the aforementioned\ndevice works as expected. (BZ#832363)\n\n* On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows 2012\nserver failed due to the fact that the Windows server contains support for\nthe minor version 1 (v4.1) of the NFS version 4 protocol only, along with\nsupport for versions 2 and 3. The lack of the minor version 0 (v4.0)\nsupport caused Red Hat Enterprise Linux 6 clients to fail instead of\nrolling back to version 3 as expected. This update fixes this bug and\nmounting an NFS export works as expected. (BZ#832365)\n\n* On ext4 file systems, when fallocate() failed to allocate blocks due to\nthe ENOSPC condition (no space left on device) for a file larger than 4 GB,\nthe size of the file became corrupted and, consequently, caused file system\ncorruption. This was due to a missing cast operator in the\n\"ext4_fallocate()\" function. With this update, the underlying source code\nhas been modified to address this issue, and file system corruption no\nlonger occurs. 
(BZ#833034)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-July/055650.html\n\n**Affected packages:**\nkernel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:1064", "cvss3": {}, "published": "2012-07-10T17:40:45", "type": "centos", "title": "kernel, perf, python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2744", "CVE-2012-2745"], "modified": "2012-07-10T17:40:45", "id": "CESA-2012:1064", "href": "https://lists.centos.org/pipermail/centos-announce/2012-July/055650.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:45", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1567-1\r\nSeptember 14, 2012\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nA flaw was found in how the 
Linux kernel passed the replacement session\r\nkeyring to a child process. An unprivileged local user could exploit this\r\nflaw to cause a denial of service (panic). (CVE-2012-2745)\r\n\r\nBen Hutchings reported a flaw in the Linux kernel with some network drivers\r\nthat support TSO (TCP segment offload). A local or peer user could exploit\r\nthis flaw to cause a denial of service. (CVE-2012-3412)\r\n\r\nJay Fenlason and Doug Ledford discovered a bug in the Linux kernel\r\nimplementation of RDS sockets. A local unprivileged user could potentially\r\nuse this flaw to read privileged information from the kernel.\r\n(CVE-2012-3430)\r\n\r\nA flaw was discovered in the madvise feature of the Linux kernel's memory\r\nsubsystem. An unprivileged local user could exploit the flaw to cause a\r\ndenial of service (crash the system). (CVE-2012-3511)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n linux-image-2.6.38-16-generic 2.6.38-16.67\r\n linux-image-2.6.38-16-generic-pae 2.6.38-16.67\r\n linux-image-2.6.38-16-omap 2.6.38-16.67\r\n linux-image-2.6.38-16-powerpc 2.6.38-16.67\r\n linux-image-2.6.38-16-powerpc-smp 2.6.38-16.67\r\n linux-image-2.6.38-16-powerpc64-smp 2.6.38-16.67\r\n linux-image-2.6.38-16-server 2.6.38-16.67\r\n linux-image-2.6.38-16-versatile 2.6.38-16.67\r\n linux-image-2.6.38-16-virtual 2.6.38-16.67\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. 
linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1567-1\r\n CVE-2012-2745, CVE-2012-3412, CVE-2012-3430, CVE-2012-3511\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.38-16.67\r\n\r\n\r\nAttached Message Part\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "cvss3": {}, "published": "2012-09-18T00:00:00", "title": "[USN-1567-1] Linux kernel vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-3511", "CVE-2012-2745", "CVE-2012-3412", "CVE-2012-3430"], "modified": "2012-09-18T00:00:00", "id": "SECURITYVULNS:DOC:28560", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28560", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:48", "description": "DoS conditions, information leakage.", "edition": 1, "cvss3": {}, "published": "2012-09-18T00:00:00", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-3511", "CVE-2012-2745", "CVE-2012-3412", "CVE-2012-3430"], "modified": "2012-09-18T00:00:00", "id": "SECURITYVULNS:VULN:12587", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12587", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:43:03", "description": "The Linux kernel was updated to fix various bugs and\n security issues:\n\n CVE-2013-0871: Race condition in the ptrace functionality\n in the Linux kernel allowed local users to gain privileges\n via a PTRACE_SETREGS ptrace system call in a crafted\n application, as demonstrated by 
ptrace_death.\n\n CVE-2013-0160: Avoid a side channel attack on /dev/ptmx\n (keyboard input timing).\n\n CVE-2012-5374: Fixed a local denial of service in the BTRFS\n hashing code.\n\n CVE-2013-0309: arch/x86/include/asm/pgtable.h in the Linux\n kernel, when transparent huge pages are used, does not\n properly support PROT_NONE memory regions, which allows\n local users to cause a denial of service (system crash) via\n a crafted application.\n\n CVE-2013-0268: The msr_open function in\n arch/x86/kernel/msr.c in the Linux kernel allowed local\n users to bypass intended capability restrictions by\n executing a crafted application as root, as demonstrated by\n msr32.c.\n\n CVE-2012-0957: The override_release function in\n kernel/sys.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel stack memory via a\n uname system call in conjunction with a UNAME26 personality.\n\n CVE-2013-0216: The Xen netback functionality in the Linux\n kernel allowed guest OS users to cause a denial of service\n (loop) by triggering ring pointer corruption.\n\n CVE-2013-0231: The pciback_enable_msi function in the PCI\n backend driver\n (drivers/xen/pciback/conf_space_capability_msi.c) in Xen\n for the Linux kernel allowed guest OS users with PCI device\n access to cause a denial of service via a large number of\n kernel log messages. 
NOTE: some of these details are\n obtained from third party information.\n\n CVE-2012-4530: The load_script function in\n fs/binfmt_script.c in the Linux kernel did not properly\n handle recursion, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application.\n\n CVE-2012-4508: Race condition in fs/ext4/extents.c in the\n Linux kernel allowed local users to obtain sensitive\n information from a deleted file by reading an extent that\n was not properly marked as uninitialized.\n\n CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver\n in the Linux kernel allowed remote attackers to cause a\n denial of service (DMA descriptor consumption and\n network-controller outage) via crafted TCP packets that\n trigger a small MSS value.\n\n CVE-2012-2745: The copy_creds function in kernel/cred.c in\n the Linux kernel provided an invalid replacement session\n keyring to a child process, which allowed local users to\n cause a denial of service (panic) via a crafted application\n that uses the fork system call.\n\n CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c\n in the Linux kernel did not properly handle ELOOP errors in\n EPOLL_CTL_ADD operations, which allowed local users to\n cause a denial of service (file-descriptor consumption and\n system crash) via a crafted application that attempts to\n create a circular epoll dependency.\n\n CVE-2012-3400: Heap-based buffer overflow in the\n udf_load_logicalvol function in fs/udf/super.c in the Linux\n kernel allowed remote attackers to cause a denial of\n service (system crash) or possibly have unspecified other\n impact via a crafted UDF filesystem.\n\n", "cvss3": {}, "published": "2013-03-05T18:04:24", "type": "suse", "title": "kernel: security and bugfix update (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-0871", "CVE-2012-4508", "CVE-2013-0268", "CVE-2013-0160", "CVE-2012-0957", "CVE-2012-2745", "CVE-2013-0231", "CVE-2012-3412", 
"CVE-2012-4530", "CVE-2013-0216", "CVE-2012-3400", "CVE-2012-3375", "CVE-2013-0309", "CVE-2012-5374"], "modified": "2013-03-05T18:04:24", "id": "OPENSUSE-SU-2013:0396-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00005.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}