Check for the Version of kernel
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for kernel RHSA-2011:0498-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security fixes:
* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-4649, Important)
* An integer signedness flaw in drm_modeset_ctl() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1013, Important)
* The Radeon GPU drivers in the Linux kernel were missing sanity checks for
the Anti Aliasing (AA) resolve register values which could allow a local,
unprivileged user to cause a denial of service or escalate their privileges
on systems using a graphics card from the ATI Radeon R300, R400, or R500
family of cards. (CVE-2011-1016, Important)
* A flaw in dccp_rcv_state_process() could allow a remote attacker to
cause a denial of service, even when the socket was already closed.
(CVE-2011-1093, Important)
* A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP)
implementation could allow a remote attacker to cause a denial of service
if the sysctl "net.sctp.addip_enable" and "auth_enable" variables were
turned on (they are off by default). (CVE-2011-1573, Important)
* A memory leak in the inotify_init() system call. In some cases, it could
leak a group, which could allow a local, unprivileged user to eventually
cause a denial of service. (CVE-2010-4250, Moderate)
* A missing validation of a null-terminated string data structure element
in bnep_sock_ioctl() could allow a local user to cause an information leak
or a denial of service. (CVE-2011-1079, Moderate)
* An information leak in bcm_connect() in the Controller Area Network (CAN)
Broadcast Manager implementation could allow a local, unprivileged user to
leak kernel mode addresses in "/proc/net/can-bcm". (CVE-2010-4565, Low)
* A flaw was found in the Linux kernel's Integrity Measurement Architecture
(IMA) implementation. When SELinux was disabled, adding an IMA rule which
was supposed to be processed by SELinux would cause ima_match_rules() to
always succeed, ignoring any remaining rules. (CVE-2011-0006, Low)
* A missing initialization flaw in the XFS file system implementation could
lead to an information leak. (CVE-2011-0711, Low)
* Buffer overflow flaws in snd_usb_caiaq_audio_init() and
snd_usb_caiaq_midi_init() could allow a l ...
Description truncated, for more information please check the Reference URL";
tag_affected = "kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2011-May/msg00008.html");
script_id(870632);
script_version("$Revision: 8253 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $");
script_tag(name:"creation_date", value:"2012-06-06 10:37:21 +0530 (Wed, 06 Jun 2012)");
script_cve_id("CVE-2010-4250", "CVE-2010-4565", "CVE-2010-4649", "CVE-2011-0006",
"CVE-2011-0711", "CVE-2011-0712", "CVE-2011-0726", "CVE-2011-1013",
"CVE-2011-1016", "CVE-2011-1019", "CVE-2011-1044", "CVE-2011-1079",
"CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1573");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_xref(name: "RHSA", value: "2011:0498-01");
script_name("RedHat Update for kernel RHSA-2011:0498-01");
script_tag(name: "summary" , value: "Check for the Version of kernel");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "RHENT_6")
{
if ((res = isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-debuginfo-common-i686", rpm:"kernel-debuginfo-common-i686~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"perf", rpm:"perf~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-debuginfo-common-x86_64", rpm:"kernel-debuginfo-common-x86_64~2.6.32~71.29.1.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}