kernel security, bug fix, and enhancement update

2011-08-23T00:00:00

Description

[2.6.32-131.12.1.el6] - [netdrv] be2net: clear intr bit in be_probe() (Ivan Vecera) [726308 722596] [2.6.32-131.11.1.el6] - [mm] hold the page lock until after set_page_stable_node (Andrea Arcangeli) [726095 683658] - [netdrv] be2net: remove certain cmd failure logging (Ivan Vecera) [725329 719304] - [net] nl80211: missing check for valid SSID size in scan operation (Stanislaw Gruszka) [718157 718158] {CVE-2011-2517} - [net] bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. (Thomas Graf) [703022 703023] {CVE-2011-2492} - [net] inet_diag: fix validation of user data in inet_diag_bc_audit() (Thomas Graf) [714540 714541] {CVE-2011-2213} - [fs] proc: restrict access to /proc/PID/io (Oleg Nesterov) [716829 716830] {CVE-2011-2495} - [fs] validate size of EFI GUID partition entries (Anton Arapov) [703029 703030] {CVE-2011-1776} - [fs] ext4: Fix max file size and logical block counting of extent format file (Lukas Czerner) [722568 722569] {CVE-2011-2695} - [virt] kvm: Disable device assignment without interrupt remapping (Alex Williamson) [716306 711504] {CVE-2011-1898} - [virt] iommu-api: Extension to check for interrupt remapping (Alex Williamson) [716306 711504] {CVE-2011-1898} - [netdrv] r8169: fix Rx checksum offloading bugs (Ivan Vecera) [723807 635596] - [netdrv] be2net: changes for BE3 native mode support (Ivan Vecera) [723820 695231] [2.6.32-131.10.1.el6] - [virt] ksm: fix race between ksmd and exiting task (Andrea Arcangeli) [710340 710341] {CVE-2011-2183} - [kernel] proc: signedness issue in next_pidmap() (Jerome Marchand) [697824 697825] {CVE-2011-1593} - [net] bluetooth: Prevent buffer overflow in l2cap config request (Jiri Pirko) [716809 716810] {CVE-2011-2497} - [fs] NLM: Don't hang forever on NLM unlock requests (Jeff Layton) [709548 709549] {CVE-2011-2491} - [fs] NFS: Fix NFSv3 exclusive open semantics (Jeff Layton) [719925 694210] - [fs] GFS2: Incorrect inode state during deallocation (Steven Whitehouse) [714982 712139] - [virt] KVM: Fix register corruption in pvclock_scale_delta (Avi Kivity) [719910 712102] - [netdrv] ehea: Fix memory hotplug oops (Steve Best) [720914 702036] - [net] Fix memory leak/corruption on VLAN GRO_DROP (Herbert Xu) [695175 695176] {CVE-2011-1576} - [md] Fix resync hang after surprise removal (James Paradis) [719928 707268] - GFS2: make sure fallocate bytes is a multiple of blksize (Benjamin Marzinski) [720863 695763] {CVE-2011-2689} - [kernel] Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code (Oleg Nesterov) [715521 690033] {CVE-2011-1182} - [redhat] config: enable parallel port printer support (Aristeu Rozanski) [713827 635968] [2.6.32-131.9.1.el6] - [scsi] cciss: Annotate cciss_kdump_soft_reset and cciss_sent_reset as __devinit (Tomas Henzl) [715397 698268] - [scsi] cciss: Don't wait forever for soft reset to complete, give up after awhile (Tomas Henzl) [715397 698268] - [scsi] cciss: use cmd_alloc not cmd_special_alloc for the kdump soft reset command (Tomas Henzl) [715397 698268] - [scsi] cciss: do not use bit 2 doorbell reset (Tomas Henzl) [715397 698268] - [scsi] cciss: do not attempt PCI power management reset method if we know it won't work (Tomas Henzl) [715397 698268] - [scsi] cciss: increase timeouts for post-reset no-ops (Tomas Henzl) [715397 698268] - [scsi] cciss: remove superfluous sleeps around reset code (Tomas Henzl) [715397 698268] - [scsi] cciss: do soft reset if hard reset is broken (Tomas Henzl) [715397 698268] - [scsi] cciss: clarify messages around reset behavior (Tomas Henzl) [715397 698268] - [scsi] cciss: increase time to wait for board reset to start (Tomas Henzl) [715397 698268] - [scsi] cciss: factor out irq_request code (Tomas Henzl) [715397 698268] - [scsi] cciss: factor out scatterlist allocation functions (Tomas Henzl) [715397 698268] - [scsi] cciss: factor out command pool allocation functions (Tomas Henzl) [715397 698268] - [scsi] cciss: use new doorbell-bit-5 reset method (Tomas Henzl) [715397 698268] - [scsi] cciss: wait longer for no-op to complete after resetting controller (Tomas Henzl) [715397 698268] - [scsi] cciss: do a better job of detecting controller reset failure (Tomas Henzl) [715397 698268] - [scsi] hpsa: do not attempt PCI PM reset if we know it will not work (Tomas Henzl) [715397 698268] - [scsi] hpsa: remove superfluous sleeps around reset code (Tomas Henzl) [715397 698268] - [scsi] hpsa: do soft reset if hard reset is broken (Tomas Henzl) [715397 698268] - [scsi] hpsa: clarify messages around reset behavior (Tomas Henzl) [715397 698268] - [scsi] hpsa: factor out irq request code (Tomas Henzl) [715397 698268] - [scsi] hpsa: factor out cmd_pool allocation functions (Tomas Henzl) [715397 698268] - [scsi] hpsa: do not use bit 2 doorbell reset, it causes NMIs (Tomas Henzl) [715397 698268] - [scsi] hpsa: wait longer for no-op to complete after resetting controller (Tomas Henzl) [715397 698268] - [scsi] hpsa: use new doorbell-bit-5 reset method (Tomas Henzl) [715397 698268] - [scsi] hpsa: adjust timing of post-reset sleeps (Tomas Henzl) [715397 698268] - [scsi] hpsa: do a better job of detecting controller reset failure (Tomas Henzl) [715397 698268] [2.6.32-131.8.1.el6] - [fs] GFS2: force a log flush when invalidating the rindex glock (Benjamin Marzinski) [717018 702263] [2.6.32-131.7.1.el6] - [virt] xen: bump memory limit for x86_64 domU PV guest to 128Gb (Igor Mammedov) [716539 669739]

{"id": "ELSA-2011-1189", "type": "oraclelinux", "bulletinFamily": "unix", "title": "kernel security, bug fix, and enhancement update", "description": "[2.6.32-131.12.1.el6]\n- [netdrv] be2net: clear intr bit in be_probe() (Ivan Vecera) [726308 722596]\n[2.6.32-131.11.1.el6]\n- [mm] hold the page lock until after set_page_stable_node (Andrea Arcangeli) [726095 683658]\n- [netdrv] be2net: remove certain cmd failure logging (Ivan Vecera) [725329 719304]\n- [net] nl80211: missing check for valid SSID size in scan operation (Stanislaw Gruszka) [718157 718158] {CVE-2011-2517}\n- [net] bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. (Thomas Graf) [703022 703023] {CVE-2011-2492}\n- [net] inet_diag: fix validation of user data in inet_diag_bc_audit() (Thomas Graf) [714540 714541] {CVE-2011-2213}\n- [fs] proc: restrict access to /proc/PID/io (Oleg Nesterov) [716829 716830] {CVE-2011-2495}\n- [fs] validate size of EFI GUID partition entries (Anton Arapov) [703029 703030] {CVE-2011-1776}\n- [fs] ext4: Fix max file size and logical block counting of extent format file (Lukas Czerner) [722568 722569] {CVE-2011-2695}\n- [virt] kvm: Disable device assignment without interrupt remapping (Alex Williamson) [716306 711504] {CVE-2011-1898}\n- [virt] iommu-api: Extension to check for interrupt remapping (Alex Williamson) [716306 711504] {CVE-2011-1898}\n- [netdrv] r8169: fix Rx checksum offloading bugs (Ivan Vecera) [723807 635596]\n- [netdrv] be2net: changes for BE3 native mode support (Ivan Vecera) [723820 695231]\n[2.6.32-131.10.1.el6]\n- [virt] ksm: fix race between ksmd and exiting task (Andrea Arcangeli) [710340 710341] {CVE-2011-2183}\n- [kernel] proc: signedness issue in next_pidmap() (Jerome Marchand) [697824 697825] {CVE-2011-1593}\n- [net] bluetooth: Prevent buffer overflow in l2cap config request (Jiri Pirko) [716809 716810] {CVE-2011-2497}\n- [fs] NLM: Don't hang forever on NLM unlock requests (Jeff Layton) [709548 709549] {CVE-2011-2491}\n- [fs] NFS: Fix NFSv3 exclusive open semantics (Jeff Layton) [719925 694210]\n- [fs] GFS2: Incorrect inode state during deallocation (Steven Whitehouse) [714982 712139]\n- [virt] KVM: Fix register corruption in pvclock_scale_delta (Avi Kivity) [719910 712102]\n- [netdrv] ehea: Fix memory hotplug oops (Steve Best) [720914 702036]\n- [net] Fix memory leak/corruption on VLAN GRO_DROP (Herbert Xu) [695175 695176] {CVE-2011-1576}\n- [md] Fix resync hang after surprise removal (James Paradis) [719928 707268]\n- GFS2: make sure fallocate bytes is a multiple of blksize (Benjamin Marzinski) [720863 695763] {CVE-2011-2689}\n- [kernel] Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code (Oleg Nesterov) [715521 690033] {CVE-2011-1182}\n- [redhat] config: enable parallel port printer support (Aristeu Rozanski) [713827 635968]\n[2.6.32-131.9.1.el6]\n- [scsi] cciss: Annotate cciss_kdump_soft_reset and cciss_sent_reset as __devinit (Tomas Henzl) [715397 698268]\n- [scsi] cciss: Don't wait forever for soft reset to complete, give up after awhile (Tomas Henzl) [715397 698268]\n- [scsi] cciss: use cmd_alloc not cmd_special_alloc for the kdump soft reset command (Tomas Henzl) [715397 698268]\n- [scsi] cciss: do not use bit 2 doorbell reset (Tomas Henzl) [715397 698268]\n- [scsi] cciss: do not attempt PCI power management reset method if we know it won't work (Tomas Henzl) [715397 698268]\n- [scsi] cciss: increase timeouts for post-reset no-ops (Tomas Henzl) [715397 698268]\n- [scsi] cciss: remove superfluous sleeps around reset code (Tomas Henzl) [715397 698268]\n- [scsi] cciss: do soft reset if hard reset is broken (Tomas Henzl) [715397 698268]\n- [scsi] cciss: clarify messages around reset behavior (Tomas Henzl) [715397 698268]\n- [scsi] cciss: increase time to wait for board reset to start (Tomas Henzl) [715397 698268]\n- [scsi] cciss: factor out irq_request code (Tomas Henzl) [715397 698268]\n- [scsi] cciss: factor out scatterlist allocation functions (Tomas Henzl) [715397 698268]\n- [scsi] cciss: factor out command pool allocation functions (Tomas Henzl) [715397 698268]\n- [scsi] cciss: use new doorbell-bit-5 reset method (Tomas Henzl) [715397 698268]\n- [scsi] cciss: wait longer for no-op to complete after resetting controller (Tomas Henzl) [715397 698268]\n- [scsi] cciss: do a better job of detecting controller reset failure (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: do not attempt PCI PM reset if we know it will not work (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: remove superfluous sleeps around reset code (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: do soft reset if hard reset is broken (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: clarify messages around reset behavior (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: factor out irq request code (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: factor out cmd_pool allocation functions (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: do not use bit 2 doorbell reset, it causes NMIs (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: wait longer for no-op to complete after resetting controller (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: use new doorbell-bit-5 reset method (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: adjust timing of post-reset sleeps (Tomas Henzl) [715397 698268]\n- [scsi] hpsa: do a better job of detecting controller reset failure (Tomas Henzl) [715397 698268]\n[2.6.32-131.8.1.el6]\n- [fs] GFS2: force a log flush when invalidating the rindex glock (Benjamin Marzinski) [717018 702263]\n[2.6.32-131.7.1.el6]\n- [virt] xen: bump memory limit for x86_64 domU PV guest to 128Gb (Igor Mammedov) [716539 669739]", "published": "2011-08-23T00:00:00", "modified": "2011-08-23T00:00:00", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://linux.oracle.com/errata/ELSA-2011-1189.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2011-2491", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-1593", "CVE-2011-1898", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1182", "CVE-2011-2183"], "immutableFields": [], "lastseen": "2019-05-29T18:37:59", "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2011:0927", "CESA-2011:1065", "CESA-2011:1212", "CESA-2011:1386", "CESA-2011:1479"]}, {"type": "cve", "idList": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2240-1:38C7A", "DEBIAN:DSA-2264-1:87A7B", "DEBIAN:DSA-2303-1:FAE10", "DEBIAN:DSA-2303-2:A9DDE", "DEBIAN:DSA-2310-1:3E5BE", "DEBIAN:DSA-2337-1:3234A", "DEBIAN:DSA-2389-1:215DA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-1898"]}, {"type": "fedora", "idList": ["FEDORA:07E3221245", "FEDORA:132A2110E5A", "FEDORA:4C1E320FD7", "FEDORA:5FADF110BC4", "FEDORA:6F955210EC", "FEDORA:8785411086D", "FEDORA:A272A110C4A", "FEDORA:ACEFF2102F", "FEDORA:BCC0720E13", "FEDORA:C03A1110E26", "FEDORA:CAA68215A9", "FEDORA:E55ED110828"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2011-0927.NASL", "CENTOS_RHSA-2011-1065.NASL", "CENTOS_RHSA-2011-1212.NASL", "CENTOS_RHSA-2011-1386.NASL", "CENTOS_RHSA-2011-1479.NASL", "DEBIAN_DSA-2240.NASL", "DEBIAN_DSA-2264.NASL", "DEBIAN_DSA-2303.NASL", "DEBIAN_DSA-2310.NASL", "DEBIAN_DSA-2337.NASL", "DEBIAN_DSA-2389.NASL", "FEDORA_2011-11103.NASL", "FEDORA_2011-6447.NASL", "FEDORA_2011-8403.NASL", "FEDORA_2011-8421.NASL", "FEDORA_2011-9130.NASL", "OPENSUSE-2012-342.NASL", "OPENSUSE-2012-756.NASL", "ORACLELINUX_ELSA-2011-0927.NASL", "ORACLELINUX_ELSA-2011-1189.NASL", "ORACLELINUX_ELSA-2011-1212.NASL", "ORACLELINUX_ELSA-2011-1386.NASL", "ORACLELINUX_ELSA-2011-1479.NASL", "ORACLELINUX_ELSA-2011-2024.NASL", "ORACLELINUX_ELSA-2011-2025.NASL", "ORACLELINUX_ELSA-2011-2037.NASL", "ORACLELINUX_ELSA-2011-2038.NASL", "ORACLEVM_OVMSA-2013-0039.NASL", "REDHAT-RHSA-2011-0883.NASL", "REDHAT-RHSA-2011-0927.NASL", "REDHAT-RHSA-2011-1065.NASL", "REDHAT-RHSA-2011-1090.NASL", "REDHAT-RHSA-2011-1106.NASL", "REDHAT-RHSA-2011-1189.NASL", "REDHAT-RHSA-2011-1212.NASL", "REDHAT-RHSA-2011-1253.NASL", "REDHAT-RHSA-2011-1386.NASL", "REDHAT-RHSA-2011-1408.NASL", "REDHAT-RHSA-2011-1479.NASL", "REDHAT-RHSA-2011-1813.NASL", "REDHAT-RHSA-2012-0358.NASL", "SL_20110715_KERNEL_ON_SL5_X.NASL", "SL_20110823_KERNEL_ON_SL6_X.NASL", "SL_20110906_KERNEL_ON_SL5_X.NASL", "SL_20111020_KERNEL_ON_SL5_X.NASL", "SL_20111129_KERNEL_ON_SL5_X.NASL", "SUSE_11_2_KERNEL-110413.NASL", "SUSE_11_3_KERNEL-110414.NASL", "SUSE_11_3_KERNEL-110726.NASL", "SUSE_11_3_KERNEL-111026.NASL", "SUSE_11_3_KERNEL-120104.NASL", "SUSE_11_3_XEN-201107-110726.NASL", "SUSE_11_4_KERNEL-110426.NASL", "SUSE_11_4_KERNEL-110726.NASL", "SUSE_11_4_KERNEL-111026.NASL", "SUSE_11_4_KERNEL-120104.NASL", "SUSE_11_4_XEN-201107-110726.NASL", "SUSE_11_KERNEL-110414.NASL", "SUSE_11_KERNEL-110415.NASL", "SUSE_11_KERNEL-110718.NASL", "SUSE_11_KERNEL-110823.NASL", "SUSE_11_KERNEL-110824.NASL", "SUSE_11_KERNEL-111202.NASL", "SUSE_11_XEN-201107-110808.NASL", "SUSE_KERNEL-7515.NASL", "SUSE_KERNEL-7516.NASL", "SUSE_KERNEL-7568.NASL", "SUSE_KERNEL-7665.NASL", "SUSE_KERNEL-7666.NASL", "SUSE_KERNEL-7729.NASL", "SUSE_KERNEL-7734.NASL", "SUSE_KERNEL-7811.NASL", "SUSE_KERNEL-7812.NASL", "SUSE_KERNEL-7915.NASL", "SUSE_KERNEL-7918.NASL", "SUSE_SU-2013-1832-1.NASL", "SUSE_SU-2014-0536-1.NASL", "SUSE_XEN-7654.NASL", "UBUNTU_USN-1141-1.NASL", "UBUNTU_USN-1146-1.NASL", "UBUNTU_USN-1159-1.NASL", "UBUNTU_USN-1160-1.NASL", "UBUNTU_USN-1161-1.NASL", "UBUNTU_USN-1162-1.NASL", "UBUNTU_USN-1164-1.NASL", "UBUNTU_USN-1167-1.NASL", "UBUNTU_USN-1168-1.NASL", "UBUNTU_USN-1187-1.NASL", "UBUNTU_USN-1189-1.NASL", "UBUNTU_USN-1201-1.NASL", "UBUNTU_USN-1202-1.NASL", "UBUNTU_USN-1203-1.NASL", "UBUNTU_USN-1204-1.NASL", "UBUNTU_USN-1205-1.NASL", "UBUNTU_USN-1208-1.NASL", "UBUNTU_USN-1211-1.NASL", "UBUNTU_USN-1212-1.NASL", "UBUNTU_USN-1216-1.NASL", "UBUNTU_USN-1218-1.NASL", "UBUNTU_USN-1219-1.NASL", "UBUNTU_USN-1220-1.NASL", "UBUNTU_USN-1225-1.NASL", "UBUNTU_USN-1227-1.NASL", "UBUNTU_USN-1228-1.NASL", "UBUNTU_USN-1236-1.NASL", "UBUNTU_USN-1239-1.NASL", "UBUNTU_USN-1240-1.NASL", "UBUNTU_USN-1241-1.NASL", "UBUNTU_USN-1242-1.NASL", "UBUNTU_USN-1243-1.NASL", "UBUNTU_USN-1244-1.NASL", "UBUNTU_USN-1245-1.NASL", "UBUNTU_USN-1246-1.NASL", "UBUNTU_USN-1253-1.NASL", "UBUNTU_USN-1256-1.NASL", "UBUNTU_USN-1268-1.NASL", "UBUNTU_USN-1269-1.NASL", "UBUNTU_USN-1271-1.NASL", "UBUNTU_USN-1272-1.NASL", "UBUNTU_USN-1274-1.NASL", "UBUNTU_USN-1278-1.NASL", "UBUNTU_USN-1279-1.NASL", "UBUNTU_USN-1281-1.NASL", "UBUNTU_USN-1285-1.NASL", "UBUNTU_USN-1286-1.NASL", "VMWARE_VMSA-2012-0001.NASL", "VMWARE_VMSA-2012-0001_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103448", "OPENVAS:1361412562310103448", "OPENVAS:1361412562310122018", "OPENVAS:1361412562310122029", "OPENVAS:1361412562310122050", "OPENVAS:1361412562310122066", "OPENVAS:1361412562310122091", "OPENVAS:1361412562310122102", "OPENVAS:1361412562310122103", "OPENVAS:1361412562310122106", "OPENVAS:1361412562310122122", "OPENVAS:1361412562310122132", "OPENVAS:136141256231069970", "OPENVAS:136141256231070551", "OPENVAS:1361412562310840671", "OPENVAS:1361412562310840676", "OPENVAS:1361412562310840691", "OPENVAS:1361412562310840693", "OPENVAS:1361412562310840696", "OPENVAS:1361412562310840698", "OPENVAS:1361412562310840699", "OPENVAS:1361412562310840700", "OPENVAS:1361412562310840704", "OPENVAS:1361412562310840718", "OPENVAS:1361412562310840725", "OPENVAS:1361412562310840739", "OPENVAS:1361412562310840740", "OPENVAS:1361412562310840743", "OPENVAS:1361412562310840744", "OPENVAS:1361412562310840745", "OPENVAS:1361412562310840746", "OPENVAS:1361412562310840748", "OPENVAS:1361412562310840749", "OPENVAS:1361412562310840758", "OPENVAS:1361412562310840760", "OPENVAS:1361412562310840761", "OPENVAS:1361412562310840762", "OPENVAS:1361412562310840764", "OPENVAS:1361412562310840771", "OPENVAS:1361412562310840773", "OPENVAS:1361412562310840778", "OPENVAS:1361412562310840785", "OPENVAS:1361412562310840786", "OPENVAS:1361412562310840787", "OPENVAS:1361412562310840788", "OPENVAS:1361412562310840789", "OPENVAS:1361412562310840790", "OPENVAS:1361412562310840793", "OPENVAS:1361412562310840796", "OPENVAS:1361412562310840802", "OPENVAS:1361412562310840804", "OPENVAS:1361412562310840811", "OPENVAS:1361412562310840813", "OPENVAS:1361412562310840814", "OPENVAS:1361412562310840816", "OPENVAS:1361412562310840818", "OPENVAS:1361412562310840819", "OPENVAS:1361412562310840821", "OPENVAS:1361412562310840823", "OPENVAS:1361412562310840826", "OPENVAS:1361412562310840828", "OPENVAS:1361412562310850163", "OPENVAS:1361412562310850165", "OPENVAS:1361412562310850211", "OPENVAS:1361412562310850253", "OPENVAS:1361412562310863292", "OPENVAS:1361412562310863313", "OPENVAS:1361412562310863320", "OPENVAS:1361412562310863356", "OPENVAS:1361412562310863447", "OPENVAS:1361412562310863471", "OPENVAS:1361412562310863571", "OPENVAS:1361412562310863604", "OPENVAS:1361412562310863606", "OPENVAS:1361412562310863647", "OPENVAS:1361412562310863739", "OPENVAS:1361412562310864512", "OPENVAS:1361412562310870453", "OPENVAS:1361412562310870454", "OPENVAS:1361412562310870482", "OPENVAS:1361412562310870504", "OPENVAS:1361412562310870519", "OPENVAS:1361412562310870646", "OPENVAS:1361412562310880545", "OPENVAS:1361412562310880988", "OPENVAS:1361412562310880995", "OPENVAS:1361412562310881021", "OPENVAS:1361412562310881051", "OPENVAS:1361412562310881309", "OPENVAS:1361412562310881313", "OPENVAS:1361412562310881342", "OPENVAS:1361412562310881406", "OPENVAS:1361412562310881451", "OPENVAS:1361412562310892389", "OPENVAS:69970", "OPENVAS:70551", "OPENVAS:840671", "OPENVAS:840676", "OPENVAS:840691", "OPENVAS:840693", "OPENVAS:840696", "OPENVAS:840698", "OPENVAS:840699", "OPENVAS:840700", "OPENVAS:840704", "OPENVAS:840718", "OPENVAS:840725", "OPENVAS:840739", "OPENVAS:840740", "OPENVAS:840743", "OPENVAS:840744", "OPENVAS:840745", "OPENVAS:840746", "OPENVAS:840748", "OPENVAS:840749", "OPENVAS:840758", "OPENVAS:840760", "OPENVAS:840761", "OPENVAS:840762", "OPENVAS:840764", "OPENVAS:840771", "OPENVAS:840773", "OPENVAS:840778", "OPENVAS:840785", "OPENVAS:840786", "OPENVAS:840787", "OPENVAS:840788", "OPENVAS:840789", "OPENVAS:840790", "OPENVAS:840793", "OPENVAS:840796", "OPENVAS:840802", "OPENVAS:840804", "OPENVAS:840811", "OPENVAS:840813", "OPENVAS:840814", "OPENVAS:840816", "OPENVAS:840818", "OPENVAS:840819", "OPENVAS:840821", "OPENVAS:840823", "OPENVAS:840826", "OPENVAS:840828", "OPENVAS:850163", "OPENVAS:850165", "OPENVAS:850211", "OPENVAS:850253", "OPENVAS:863292", "OPENVAS:863313", "OPENVAS:863320", "OPENVAS:863356", "OPENVAS:863447", "OPENVAS:863471", "OPENVAS:863571", "OPENVAS:863604", "OPENVAS:863606", "OPENVAS:863647", "OPENVAS:863739", "OPENVAS:864512", "OPENVAS:870453", "OPENVAS:870454", "OPENVAS:870482", "OPENVAS:870504", "OPENVAS:870519", "OPENVAS:870646", "OPENVAS:880545", "OPENVAS:880988", "OPENVAS:880995", "OPENVAS:881021", "OPENVAS:881051", "OPENVAS:881309", "OPENVAS:881313", "OPENVAS:881342", "OPENVAS:881406", "OPENVAS:881451", "OPENVAS:892389"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0927", "ELSA-2011-1065", "ELSA-2011-1212", "ELSA-2011-1386", "ELSA-2011-1479", "ELSA-2011-2024", "ELSA-2011-2025", "ELSA-2011-2037", "ELSA-2011-2038", "ELSA-2012-0150"]}, {"type": "osv", "idList": ["OSV:DSA-2240-1", "OSV:DSA-2264-1", "OSV:DSA-2303-1", "OSV:DSA-2310-1", "OSV:DSA-2337-1", "OSV:DSA-2389-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:105078"]}, {"type": "redhat", "idList": ["RHSA-2011:0927", "RHSA-2011:1065", "RHSA-2011:1090", "RHSA-2011:1189", "RHSA-2011:1212", "RHSA-2011:1253", "RHSA-2011:1386", "RHSA-2011:1408", "RHSA-2011:1479", "RHSA-2011:1813", "RHSA-2012:0358"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26354", "SECURITYVULNS:DOC:26416", "SECURITYVULNS:DOC:26447", "SECURITYVULNS:DOC:27006", "SECURITYVULNS:DOC:27054", "SECURITYVULNS:DOC:27375", "SECURITYVULNS:DOC:27376", "SECURITYVULNS:DOC:27566", "SECURITYVULNS:DOC:30403", "SECURITYVULNS:VULN:11588", "SECURITYVULNS:VULN:11656", "SECURITYVULNS:VULN:11708", "SECURITYVULNS:VULN:11922", "SECURITYVULNS:VULN:12030", "SECURITYVULNS:VULN:12057", "SECURITYVULNS:VULN:12151", "SECURITYVULNS:VULN:13641"]}, {"type": "seebug", "idList": ["SSV:20738", "SSV:20784"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:0941-1", "OPENSUSE-SU-2012:0206-1", "OPENSUSE-SU-2012:0236-1", "SUSE-SA:2011:017", "SUSE-SA:2011:019", "SUSE-SA:2011:020", "SUSE-SA:2011:021", "SUSE-SA:2011:026", "SUSE-SA:2011:027", "SUSE-SA:2011:031", "SUSE-SA:2011:034", "SUSE-SA:2011:038", "SUSE-SA:2011:040", "SUSE-SA:2011:042", "SUSE-SA:2011:046", "SUSE-SU-2011:0711-1", "SUSE-SU-2011:0832-1", "SUSE-SU-2011:0899-1", "SUSE-SU-2011:0925-1", "SUSE-SU-2011:0942-1", "SUSE-SU-2011:0984-1", "SUSE-SU-2011:0984-2", "SUSE-SU-2011:0984-3", "SUSE-SU-2011:1058-1", "SUSE-SU-2011:1195-1", "SUSE-SU-2011:1319-1", "SUSE-SU-2011:1319-2", "SUSE-SU-2012:0364-1", "SUSE-SU-2014:0536-1"]}, {"type": "ubuntu", "idList": ["USN-1141-1", "USN-1146-1", "USN-1159-1", "USN-1160-1", "USN-1161-1", "USN-1162-1", "USN-1164-1", "USN-1167-1", "USN-1168-1", "USN-1187-1", "USN-1189-1", "USN-1201-1", "USN-1202-1", "USN-1203-1", "USN-1204-1", "USN-1205-1", "USN-1208-1", "USN-1211-1", "USN-1212-1", "USN-1216-1", "USN-1218-1", "USN-1219-1", "USN-1220-1", "USN-1225-1", "USN-1227-1", "USN-1228-1", "USN-1236-1", "USN-1239-1", "USN-1240-1", "USN-1241-1", "USN-1242-1", "USN-1243-1", "USN-1244-1", "USN-1245-1", "USN-1246-1", "USN-1253-1", "USN-1256-1", "USN-1268-1", "USN-1269-1", "USN-1271-1", "USN-1272-1", "USN-1274-1", "USN-1278-1", "USN-1279-1", "USN-1281-1", "USN-1285-1", "USN-1286-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-1182", "UB:CVE-2011-1576", "UB:CVE-2011-1593", "UB:CVE-2011-1776", "UB:CVE-2011-1898", "UB:CVE-2011-2183", "UB:CVE-2011-2213", "UB:CVE-2011-2491", "UB:CVE-2011-2492", "UB:CVE-2011-2495", "UB:CVE-2011-2497", "UB:CVE-2011-2517", "UB:CVE-2011-2689", "UB:CVE-2011-2695"]}, {"type": "veracode", "idList": ["VERACODE:24582", "VERACODE:24671", "VERACODE:24672", "VERACODE:24673", "VERACODE:24776", "VERACODE:24777", "VERACODE:24778", "VERACODE:24780", "VERACODE:24781", "VERACODE:24788", "VERACODE:24789", "VERACODE:24797", "VERACODE:24831"]}, {"type": "vmware", "idList": ["VMSA-2012-0001", "VMSA-2012-0001.2"]}]}, "score": {"value": -0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2011:0927", "CESA-2011:1065", "CESA-2011:1212", "CESA-2011:1386", "CESA-2011:1479"]}, {"type": "cve", "idList": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2337-1:3234A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-1898"]}, {"type": "fedora", "idList": ["FEDORA:6F955210EC", "FEDORA:C03A1110E26"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2011-1106/"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2011-2025.NASL", "REDHAT-RHSA-2011-0883.NASL", "REDHAT-RHSA-2011-1065.NASL", "SUSE_11_XEN-201107-110808.NASL", "SUSE_KERNEL-7516.NASL", "SUSE_KERNEL-7568.NASL", "UBUNTU_USN-1164-1.NASL", "UBUNTU_USN-1202-1.NASL", "UBUNTU_USN-1211-1.NASL", "UBUNTU_USN-1240-1.NASL", "UBUNTU_USN-1269-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122018", "OPENVAS:1361412562310840700", "OPENVAS:1361412562310840758", "OPENVAS:1361412562310840760", "OPENVAS:1361412562310840771", "OPENVAS:1361412562310863447", "OPENVAS:1361412562310870646", "OPENVAS:1361412562310881309", "OPENVAS:840814", "OPENVAS:863313", "OPENVAS:880545", "OPENVAS:881451"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0927", "ELSA-2011-1065", "ELSA-2011-1212", "ELSA-2011-1479", "ELSA-2011-2024", "ELSA-2011-2025", "ELSA-2011-2037", "ELSA-2011-2038", "ELSA-2012-0150"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:105078"]}, {"type": "redhat", "idList": ["RHSA-2011:0927", "RHSA-2011:1065", "RHSA-2011:1189", "RHSA-2011:1212", "RHSA-2011:1479", "RHSA-2011:1813"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26447"]}, {"type": "seebug", "idList": ["SSV:20784"]}, {"type": "suse", "idList": ["SUSE-SU-2011:1058-1"]}, {"type": "ubuntu", "idList": ["USN-1219-1", "USN-1244-1", "USN-1285-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-2213"]}, {"type": "vmware", "idList": ["VMSA-2012-0001"]}]}, "exploitation": null, "vulnersScore": -0.4}, "affectedSoftware": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660012827, "score": 1659821240}, "_internal": {"score_hash": "c2ebe25e1673ce030570584f045beb65"}}

{"openvas": [{"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1189-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-1593", "CVE-2011-1898", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1182", "CVE-2011-2183"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1189-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00018.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870646\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:39:18 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\",\n \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\",\n \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\",\n \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1189-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:1189-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Security issues:\n\n * Using PCI passthrough without interrupt remapping support allowed KVM\n guests to generate MSI interrupts and thus potentially inject traps. A\n privileged guest user could use this flaw to crash the host or possibly\n escalate their privileges on the host. The fix for this issue can prevent\n PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug\n 715555 for details. (CVE-2011-1898, Important)\n\n * Flaw in the client-side NLM implementation could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n * Integer underflow in the Bluetooth implementation could allow a remote\n attacker to cause a denial of service or escalate their privileges by\n sending a specially-crafted request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n * Buffer overflows in the netlink-based wireless configuration interface\n implementation could allow a local user, who has the CAP_NET_ADMIN\n capability, to cause a denial of service or escalate their privileges on\n systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n * Flaw in the way the maximum file offset was handled for ext4 file systems\n could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2695, Important)\n\n * Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker\n on the local network could use this flaw to send crafted packets to a\n target, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n * Integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n * Race condition in the memory merging support (KSM) could allow a local,\n unprivileged user to cause a denial of service. KSM is off by default, but\n on systems running VDSM, or on KVM hosts, it is likely turned on by the\n ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n * Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2213, Moderate)\n\n * Flaw in the way space was allocated in the Global File System 2 (GFS2)\n implementation. If the file system was almost full, and a local,\n unprivileged user made an fallocate() request, it could result in a denial\n of service. Setting quotas to prevent users from using all available disk\n space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\n * Local, unprivileged users could sen ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:07:54", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1189-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-1593", "CVE-2011-1898", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1182", "CVE-2011-2183"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:870646", "href": "http://plugins.openvas.org/nasl.php?oid=870646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1189-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues:\n\n * Using PCI passthrough without interrupt remapping support allowed KVM\n guests to generate MSI interrupts and thus potentially inject traps. A\n privileged guest user could use this flaw to crash the host or possibly\n escalate their privileges on the host. The fix for this issue can prevent\n PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug\n 715555 for details. (CVE-2011-1898, Important)\n\n * Flaw in the client-side NLM implementation could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n * Integer underflow in the Bluetooth implementation could allow a remote\n attacker to cause a denial of service or escalate their privileges by\n sending a specially-crafted request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n * Buffer overflows in the netlink-based wireless configuration interface\n implementation could allow a local user, who has the CAP_NET_ADMIN\n capability, to cause a denial of service or escalate their privileges on\n systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n * Flaw in the way the maximum file offset was handled for ext4 file systems\n could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2695, Important)\n\n * Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker\n on the local network could use this flaw to send crafted packets to a\n target, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n * Integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n * Race condition in the memory merging support (KSM) could allow a local,\n unprivileged user to cause a denial of service. KSM is off by default, but\n on systems running VDSM, or on KVM hosts, it is likely turned on by the\n ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n * Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2213, Moderate)\n\n * Flaw in the way space was allocated in the Global File System 2 (GFS2)\n implementation. If the file system was almost full, and a local,\n unprivileged user made an fallocate() request, it could result in a denial\n of service. Setting quotas to prevent users from using all available disk\n space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\n * Local, unprivileged users could sen ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00018.html\");\n script_id(870646);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:39:18 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\",\n \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\",\n \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\",\n \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1189-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:1189-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~131.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:59", "description": "Oracle Linux Local Security Checks ELSA-2011-1189", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1189", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-1593", "CVE-2011-1898", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1182", "CVE-2011-2183"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122103", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1189.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122103\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:08 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1189\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1189 - kernel security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1189\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1189.html\");\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:13", "description": "Oracle Linux Local Security Checks ELSA-2011-2025", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-2025", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-1898", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2183"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122102", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-2025.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122102\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:06 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-2025\");\n script_tag(name:\"insight\", value:\"ELSA-2011-2025 - Unbreakable Enterprise kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-2025\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-2025.html\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2695\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~200.19.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~200.19.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~200.19.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~200.19.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~200.19.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~200.19.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~200.19.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~200.19.1.el5uek~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~200.19.1.el5uekdebug~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~200.19.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~200.19.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~200.19.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~200.19.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~200.19.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~200.19.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~200.19.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~200.19.1.el6uek~1.5.1~4.0.47\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~200.19.1.el6uekdebug~1.5.1~4.0.47\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:23", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-9130", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2517", "CVE-2011-2497", "CVE-2011-2183"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863356", "href": "http://plugins.openvas.org/nasl.php?oid=863356", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-9130\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 15\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062611.html\");\n script_id(863356);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-9130\");\n script_cve_id(\"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2183\");\n script_name(\"Fedora Update for kernel FEDORA-2011-9130\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.38.8~35.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-9130", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2517", "CVE-2011-2497", "CVE-2011-2183"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863356", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-9130\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062611.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863356\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-9130\");\n script_cve_id(\"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2183\");\n script_name(\"Fedora Update for kernel FEDORA-2011-9130\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.38.8~35.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:37", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1285-1", "cvss3": {}, "published": "2011-12-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1285-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-2905", "CVE-2011-2183"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840826", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840826", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1285_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1285-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1285-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840826\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-02 13:30:37 +0530 (Fri, 02 Dec 2011)\");\n script_xref(name:\"USN\", value:\"1285-1\");\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n script_name(\"Ubuntu Update for linux USN-1285-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1285-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Vasiliy Kulikov discovered that the Comedi driver did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-2909)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic-pae\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-omap\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc-smp\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc64-smp\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-server\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-versatile\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-virtual\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:19", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1279-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1279-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-2905", "CVE-2011-2183"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840821", "href": "http://plugins.openvas.org/nasl.php?oid=840821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1279_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1279-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Vasiliy Kulikov discovered that the Comedi driver did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-2909)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1279-1\";\ntag_affected = \"linux-lts-backport-natty on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1279-1/\");\n script_id(840821);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:33 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1279-1\");\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1279-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic\", ver:\"2.6.38-13.52~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic-pae\", ver:\"2.6.38-13.52~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-server\", ver:\"2.6.38-13.52~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-virtual\", ver:\"2.6.38-13.52~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1279-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1279-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-2905", "CVE-2011-2183"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1279_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1279-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1279-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840821\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:33 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1279-1\");\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1279-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1279-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-natty on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Vasiliy Kulikov discovered that the Comedi driver did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-2909)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic\", ver:\"2.6.38-13.52~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic-pae\", ver:\"2.6.38-13.52~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-server\", ver:\"2.6.38-13.52~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-virtual\", ver:\"2.6.38-13.52~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:07", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1285-1", "cvss3": {}, "published": "2011-12-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1285-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-2905", "CVE-2011-2183"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840826", "href": "http://plugins.openvas.org/nasl.php?oid=840826", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1285_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1285-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Vasiliy Kulikov discovered that the Comedi driver did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-2909)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1285-1\";\ntag_affected = \"linux on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1285-1/\");\n script_id(840826);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-02 13:30:37 +0530 (Fri, 02 Dec 2011)\");\n script_xref(name: \"USN\", value: \"1285-1\");\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n script_name(\"Ubuntu Update for linux USN-1285-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-generic-pae\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-omap\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc-smp\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-powerpc64-smp\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-server\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-versatile\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-13-virtual\", ver:\"2.6.38-13.52\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:26:46", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1244-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1244-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2905", "CVE-2011-2695", "CVE-2010-3873", "CVE-2011-2183"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840787", "href": "http://plugins.openvas.org/nasl.php?oid=840787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1244_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1244-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that the Linux kernel X.25 implementation\n incorrectly parsed facilities. A remote attacker could exploit this to\n crash the kernel, leading to a denial of service. (CVE-2010-3873)\n\n Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n \n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n \n Vasiliy Kulikov discovered that the Comedi driver did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-2909)\n \n Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had\n no prefixpaths. A local attacker with access to a CIFS partition could\n exploit this to crash the system, leading to a denial of service.\n (CVE-2011-3363)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1244-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1244-1/\");\n script_id(840787);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1244-1\");\n script_cve_id(\"CVE-2010-3873\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\",\n \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2695\", \"CVE-2011-2905\",\n \"CVE-2011-2909\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1244-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.26\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-08-15T16:26:46", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1244-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1244-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2905", "CVE-2011-2695", "CVE-2010-3873", "CVE-2011-2183"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1244_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1244-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1244-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840787\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1244-1\");\n script_cve_id(\"CVE-2010-3873\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\",\n \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2695\", \"CVE-2011-2905\",\n \"CVE-2011-2909\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1244-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1244-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that the Linux kernel X.25 implementation\n incorrectly parsed facilities. A remote attacker could exploit this to\n crash the kernel, leading to a denial of service. (CVE-2010-3873)\n\n Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Vasiliy Kulikov discovered that the Comedi driver did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-2909)\n\n Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had\n no prefixpaths. A local attacker with access to a CIFS partition could\n exploit this to crash the system, leading to a denial of service.\n (CVE-2011-3363)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.26\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:14", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1278-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-maverick USN-1278-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2183", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840819", "href": "http://plugins.openvas.org/nasl.php?oid=840819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1278_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-maverick USN-1278-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1278-1\";\ntag_affected = \"linux-lts-backport-maverick on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1278-1/\");\n script_id(840819);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:26 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1278-1\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_name(\"Ubuntu Update for linux-lts-backport-maverick USN-1278-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic\", ver:\"2.6.35-31.62~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic-pae\", ver:\"2.6.35-31.62~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-server\", ver:\"2.6.35-31.62~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-virtual\", ver:\"2.6.35-31.62~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:47", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1272-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1272-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2183", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840814", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840814", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1272_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1272-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1272-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840814\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:00:44 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1272-1\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_name(\"Ubuntu Update for linux USN-1272-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1272-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic-pae\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-omap\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc-smp\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc64-smp\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-server\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-versatile\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-virtual\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:43", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1272-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1272-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2183", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840814", "href": "http://plugins.openvas.org/nasl.php?oid=840814", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1272_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1272-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1272-1\";\ntag_affected = \"linux on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1272-1/\");\n script_id(840814);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:00:44 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1272-1\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_name(\"Ubuntu Update for linux USN-1272-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic-pae\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-omap\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc-smp\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-powerpc64-smp\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-server\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-versatile\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-virtual\", ver:\"2.6.35-31.62\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:32", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1278-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-maverick USN-1278-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2183", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1278_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-maverick USN-1278-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1278-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840819\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:26 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1278-1\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_name(\"Ubuntu Update for linux-lts-backport-maverick USN-1278-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1278-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-maverick on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic\", ver:\"2.6.35-31.62~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-generic-pae\", ver:\"2.6.35-31.62~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-server\", ver:\"2.6.35-31.62~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-31-virtual\", ver:\"2.6.35-31.62~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1241-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-fsl-imx51 USN-1241-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2928", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2905", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840790", "href": "http://plugins.openvas.org/nasl.php?oid=840790", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1241_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-fsl-imx51 USN-1241-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Stream Control Transmission Protocol (SCTP)\n implementation incorrectly calculated lengths. If the net.sctp.addip_enable\n variable was turned on, a remote attacker could send specially crafted\n traffic to crash the system. (CVE-2011-1573)\n\n Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n \n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n \n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n \n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the curre ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1241-1\";\ntag_affected = \"linux-fsl-imx51 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_id(840790);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1241-1\");\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\",\n \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\",\n \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\",\n \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-fsl-imx51 USN-1241-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-611-imx51\", ver:\"2.6.31-611.29\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:18:33", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1241-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-fsl-imx51 USN-1241-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-2517", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2928", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2905", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840790", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1241_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-fsl-imx51 USN-1241-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840790\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1241-1\");\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\",\n \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\",\n \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\",\n \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-fsl-imx51 USN-1241-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1241-1\");\n script_tag(name:\"affected\", value:\"linux-fsl-imx51 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Stream Control Transmission Protocol (SCTP)\n implementation incorrectly calculated lengths. If the net.sctp.addip_enable\n variable was turned on, a remote attacker could send specially crafted\n traffic to crash the system. (CVE-2011-1573)\n\n Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the curre ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-611-imx51\", ver:\"2.6.31-611.29\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:15:50", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1228-1", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1228-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1228_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1228-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1228-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840771\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1228-1\");\n script_cve_id(\"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1228-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1228-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.16\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1228-1", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1228-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840771", "href": "http://plugins.openvas.org/nasl.php?oid=840771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1228_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1228-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1228-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1228-1/\");\n script_id(840771);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1228-1\");\n script_cve_id(\"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1228-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.16\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-11T17:53:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:0927 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310880545", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880545", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:0927 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-July/017646.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880545\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0927\");\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\",\n \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\",\n \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\",\n \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_name(\"CentOS Update for kernel CESA-2011:0927 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2010-4649, Important)\n\n * A race condition in the way new InfiniBand connections were set up could\n allow a remote user to cause a denial of service. (CVE-2011-0695,\n Important)\n\n * A flaw in the Stream Control Transmission Protocol (SCTP) implementation\n could allow a remote attacker to cause a denial of service if the sysctl\n 'net.sctp.addip_enable' variable was turned on (it is off by default).\n (CVE-2011-1573, Important)\n\n * Flaws in the AGPGART driver implementation when handling certain IOCTL\n commands could allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\n Important)\n\n * An integer overflow flaw in agp_allocate_memory() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2011-1746, Important)\n\n * A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\n packets. An attacker on the local network could trigger this flaw by\n sending specially-crafted packets to a target system, possibly causing a\n denial of service. (CVE-2011-1576, Moderate)\n\n * An integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n * A flaw in the way the Xen hypervisor implementation handled CPUID\n instruction emulation during virtual machine exits could allow an\n unprivileged guest user to crash a guest. This only affects systems that\n have an Intel x86 processor with the Intel VT-x extension enabled.\n (CVE-2011-1936, Moderate)\n\n * A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n * A missing initialization flaw in the XFS file system implementation\n could lead to an information leak. (CVE-2011-0711, Low)\n\n * A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\n cause an information leak. (CVE-2011-1044, Low)\n\n * A missing validation check was found in the signals implementation. A\n local, unprivileged user could use this flaw to send signals via the\n sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed\n process and user IDs, to other processes. Note: This flaw does not allow\n existing permission check ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:06", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:0927-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870453", "href": "http://plugins.openvas.org/nasl.php?oid=870453", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:0927-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2010-4649, Important)\n \n * A race condition in the way new InfiniBand connections were set up could\n allow a remote user to cause a denial of service. (CVE-2011-0695,\n Important)\n \n * A flaw in the Stream Control Transmission Protocol (SCTP) implementation\n could allow a remote attacker to cause a denial of service if the sysctl\n "net.sctp.addip_enable" variable was turned on (it is off by default).\n (CVE-2011-1573, Important)\n \n * Flaws in the AGPGART driver implementation when handling certain IOCTL\n commands could allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\n Important)\n \n * An integer overflow flaw in agp_allocate_memory() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2011-1746, Important)\n \n * A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\n packets. An attacker on the local network could trigger this flaw by\n sending specially-crafted packets to a target system, possibly causing a\n denial of service. (CVE-2011-1576, Moderate)\n \n * An integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n \n * A flaw in the way the Xen hypervisor implementation handled CPUID\n instruction emulation during virtual machine exits could allow an\n unprivileged guest user to crash a guest. This only affects systems that\n have an Intel x86 processor with the Intel VT-x extension enabled.\n (CVE-2011-1936, Moderate)\n \n * A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n \n * A missing initialization flaw in the XFS file system implementation\n could lead to an information leak. (CVE-2011-0711, Low)\n \n * A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\n cause an information leak. (CVE-2011-1044, Low)\n \n * A missing validation check was found in the signals implementation. A\n local, unprivileged user could use this flaw to send signals via the\n sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed\n process and user IDs, to other processes. Note: This flaw does not al ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00007.html\");\n script_id(870453);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0927-01\");\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_name(\"RedHat Update for kernel RHSA-2011:0927-01\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:0927-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870453", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:0927-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870453\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0927-01\");\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_name(\"RedHat Update for kernel RHSA-2011:0927-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2010-4649, Important)\n\n * A race condition in the way new InfiniBand connections were set up could\n allow a remote user to cause a denial of service. (CVE-2011-0695,\n Important)\n\n * A flaw in the Stream Control Transmission Protocol (SCTP) implementation\n could allow a remote attacker to cause a denial of service if the sysctl\n 'net.sctp.addip_enable' variable was turned on (it is off by default).\n (CVE-2011-1573, Important)\n\n * Flaws in the AGPGART driver implementation when handling certain IOCTL\n commands could allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\n Important)\n\n * An integer overflow flaw in agp_allocate_memory() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2011-1746, Important)\n\n * A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\n packets. An attacker on the local network could trigger this flaw by\n sending specially-crafted packets to a target system, possibly causing a\n denial of service. (CVE-2011-1576, Moderate)\n\n * An integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n * A flaw in the way the Xen hypervisor implementation handled CPUID\n instruction emulation during virtual machine exits could allow an\n unprivileged guest user to crash a guest. This only affects systems that\n have an Intel x86 processor with the Intel VT-x extension enabled.\n (CVE-2011-1936, Moderate)\n\n * A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n * A missing initialization flaw in the XFS file system implementation\n could lead to an information leak. (CVE-2011-0711, Low)\n\n * A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\n cause an information leak. (CVE-2011-1044, Low)\n\n * A missing validation check was found in the signals implementation. A\n local, unprivileged user could use this flaw to send signals via the\n sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed\n process and user IDs, to other processes. Note: This flaw does not al ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.19.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:57", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:0927 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880545", "href": "http://plugins.openvas.org/nasl.php?oid=880545", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:0927 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2010-4649, Important)\n \n * A race condition in the way new InfiniBand connections were set up could\n allow a remote user to cause a denial of service. (CVE-2011-0695,\n Important)\n \n * A flaw in the Stream Control Transmission Protocol (SCTP) implementation\n could allow a remote attacker to cause a denial of service if the sysctl\n "net.sctp.addip_enable" variable was turned on (it is off by default).\n (CVE-2011-1573, Important)\n \n * Flaws in the AGPGART driver implementation when handling certain IOCTL\n commands could allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\n Important)\n \n * An integer overflow flaw in agp_allocate_memory() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2011-1746, Important)\n \n * A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\n packets. An attacker on the local network could trigger this flaw by\n sending specially-crafted packets to a target system, possibly causing a\n denial of service. (CVE-2011-1576, Moderate)\n \n * An integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n \n * A flaw in the way the Xen hypervisor implementation handled CPUID\n instruction emulation during virtual machine exits could allow an\n unprivileged guest user to crash a guest. This only affects systems that\n have an Intel x86 processor with the Intel VT-x extension enabled.\n (CVE-2011-1936, Moderate)\n \n * A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n \n * A missing initialization flaw in the XFS file system implementation\n could lead to an information leak. (CVE-2011-0711, Low)\n \n * A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\n cause an information leak. (CVE-2011-1044, Low)\n \n * A missing validation check was found in the signals implementation. A\n local, unprivileged user could use this flaw to send signals via the\n sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed\n process and user IDs, to other processes. Note: This flaw does not allow\n existing permission chec ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-July/017646.html\");\n script_id(880545);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0927\");\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\",\n \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\",\n \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\",\n \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_name(\"CentOS Update for kernel CESA-2011:0927 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:44", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:0927 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:881342", "href": "http://plugins.openvas.org/nasl.php?oid=881342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:0927 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2010-4649, Important)\n \n * A race condition in the way new InfiniBand connections were set up could\n allow a remote user to cause a denial of service. (CVE-2011-0695,\n Important)\n \n * A flaw in the Stream Control Transmission Protocol (SCTP) implementation\n could allow a remote attacker to cause a denial of service if the sysctl\n "net.sctp.addip_enable" variable was turned on (it is off by default).\n (CVE-2011-1573, Important)\n \n * Flaws in the AGPGART driver implementation when handling certain IOCTL\n commands could allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\n Important)\n \n * An integer overflow flaw in agp_allocate_memory() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2011-1746, Important)\n \n * A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\n packets. An attacker on the local network could trigger this flaw by\n sending specially-crafted packets to a target system, possibly causing a\n denial of service. (CVE-2011-1576, Moderate)\n \n * An integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n \n * A flaw in the way the Xen hypervisor implementation handled CPUID\n instruction emulation during virtual machine exits could allow an\n unprivileged guest user to crash a guest. This only affects systems that\n have an Intel x86 processor with the Intel VT-x extension enabled.\n (CVE-2011-1936, Moderate)\n \n * A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n \n * A missing initialization flaw in the XFS file system implementation\n could lead to an information leak. (CVE-2011-0711, Low)\n \n * A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\n cause an information leak. (CVE-2011-1044, Low)\n \n * A missing validation check was found in the signals implementation. A\n local, unprivileged user could use this flaw to send signals via the\n sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed\n process and user IDs, to other processes. Note: This flaw does not allow\n existing permission chec ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-July/017647.html\");\n script_id(881342);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:27:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\",\n \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\",\n \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\",\n \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0927\");\n script_name(\"CentOS Update for kernel CESA-2011:0927 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:45", "description": "Oracle Linux Local Security Checks ELSA-2011-0927", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0927", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122132", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0927.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122132\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:35 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0927\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0927 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0927\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0927.html\");\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.19.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.19.1.0.1.el5~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.19.1.0.1.el5PAE~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.19.1.0.1.el5debug~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~238.19.1.0.1.el5xen~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.19.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.19.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.19.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~238.19.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T17:47:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:0927 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310881342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:0927 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-July/017647.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881342\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:27:32 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\",\n \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\",\n \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\",\n \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0927\");\n script_name(\"CentOS Update for kernel CESA-2011:0927 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2010-4649, Important)\n\n * A race condition in the way new InfiniBand connections were set up could\n allow a remote user to cause a denial of service. (CVE-2011-0695,\n Important)\n\n * A flaw in the Stream Control Transmission Protocol (SCTP) implementation\n could allow a remote attacker to cause a denial of service if the sysctl\n 'net.sctp.addip_enable' variable was turned on (it is off by default).\n (CVE-2011-1573, Important)\n\n * Flaws in the AGPGART driver implementation when handling certain IOCTL\n commands could allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\n Important)\n\n * An integer overflow flaw in agp_allocate_memory() could allow a local,\n unprivileged user to cause a denial of service or escalate their\n privileges. (CVE-2011-1746, Important)\n\n * A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\n packets. An attacker on the local network could trigger this flaw by\n sending specially-crafted packets to a target system, possibly causing a\n denial of service. (CVE-2011-1576, Moderate)\n\n * An integer signedness error in next_pidmap() could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n * A flaw in the way the Xen hypervisor implementation handled CPUID\n instruction emulation during virtual machine exits could allow an\n unprivileged guest user to crash a guest. This only affects systems that\n have an Intel x86 processor with the Intel VT-x extension enabled.\n (CVE-2011-1936, Moderate)\n\n * A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to\n cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n * A missing initialization flaw in the XFS file system implementation\n could lead to an information leak. (CVE-2011-0711, Low)\n\n * A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\n cause an information leak. (CVE-2011-1044, Low)\n\n * A missing validation check was found in the signals implementation. A\n local, unprivileged user could use this flaw to send signals via the\n sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed\n process and user IDs, to other processes. Note: This flaw does not allow\n existing permission check ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~238.19.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:40", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1220-1", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1220-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840758", "href": "http://plugins.openvas.org/nasl.php?oid=840758", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1220_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1220-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n \n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1220-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1220-1/\");\n script_id(840758);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1220-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1220-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.25\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:16:58", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1220-1", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1220-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840758", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840758", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1220_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1220-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1220-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840758\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1220-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1220-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1220-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.25\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:23", "description": "Oracle Linux Local Security Checks ELSA-2011-1212", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1212", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2901", "CVE-2011-2519", "CVE-2011-2482"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122091", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1212.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122091\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:56 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1212\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1212 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1212\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1212.html\");\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.3.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.3.1.0.1.el5~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.3.1.0.1.el5PAE~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.3.1.0.1.el5debug~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.3.1.0.1.el5xen~1.4.8~2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.3.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.3.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.3.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.3.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:55:19", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1212 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2901", "CVE-2011-2519", "CVE-2011-2482"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880995", "href": "http://plugins.openvas.org/nasl.php?oid=880995", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1212 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A NULL pointer dereference flaw was found in the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation. A remote attacker\n could send a specially-crafted SCTP packet to a target system, resulting in\n a denial of service. (CVE-2011-2482, Important)\n \n * A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\n implementation could allow a local, unprivileged user to cause a denial of\n service. (CVE-2011-2491, Important)\n \n * Buffer overflow flaws in the Linux kernel's netlink-based wireless\n configuration interface implementation could allow a local user, who has\n the CAP_NET_ADMIN capability, to cause a denial of service or escalate\n their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n \n * A flaw was found in the way the Linux kernel's Xen hypervisor\n implementation emulated the SAHF instruction. When using a\n fully-virtualized guest on a host that does not use hardware assisted\n paging (HAP), such as those running CPUs that do not have support for (or\n those that have it disabled) Intel Extended Page Tables (EPT) or AMD\n Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged\n guest user could trigger this flaw to cause the hypervisor to crash.\n (CVE-2011-2519, Moderate)\n \n * An off-by-one flaw was found in the __addr_ok() macro in the Linux\n kernel's Xen hypervisor implementation when running on 64-bit systems. A\n privileged guest user could trigger this flaw to cause the hypervisor to\n crash. (CVE-2011-2901, Moderate)\n \n * /proc/[PID]/io is world-readable by default. Previously, these files\n could be read without any further restrictions. A local, unprivileged user\n could read these files, belonging to other, possibly privileged processes\n to gather confidential information, such as the length of a password used\n in a process. (CVE-2011-2495, Low)\n \n Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and\n Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n \n This update also fixes several bugs. Documentation for these bug fixes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n \n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. The system must be rebooted for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017862.html\");\n script_id(880995);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_xref(name: \"CESA\", value: \"2011:1212\");\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\",\n \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for kernel CESA-2011:1212 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1212 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2901", "CVE-2011-2519", "CVE-2011-2482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881451", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881451", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1212 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017863.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881451\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:54:11 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\",\n \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1212\");\n script_name(\"CentOS Update for kernel CESA-2011:1212 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A NULL pointer dereference flaw was found in the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation. A remote attacker\n could send a specially-crafted SCTP packet to a target system, resulting in\n a denial of service. (CVE-2011-2482, Important)\n\n * A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\n implementation could allow a local, unprivileged user to cause a denial of\n service. (CVE-2011-2491, Important)\n\n * Buffer overflow flaws in the Linux kernel's netlink-based wireless\n configuration interface implementation could allow a local user, who has\n the CAP_NET_ADMIN capability, to cause a denial of service or escalate\n their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n * A flaw was found in the way the Linux kernel's Xen hypervisor\n implementation emulated the SAHF instruction. When using a\n fully-virtualized guest on a host that does not use hardware assisted\n paging (HAP), such as those running CPUs that do not have support for (or\n those that have it disabled) Intel Extended Page Tables (EPT) or AMD\n Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged\n guest user could trigger this flaw to cause the hypervisor to crash.\n (CVE-2011-2519, Moderate)\n\n * An off-by-one flaw was found in the __addr_ok() macro in the Linux\n kernel's Xen hypervisor implementation when running on 64-bit systems. A\n privileged guest user could trigger this flaw to cause the hypervisor to\n crash. (CVE-2011-2901, Moderate)\n\n * /proc/[PID]/io is world-readable by default. Previously, these files\n could be read without any further restrictions. A local, unprivileged user\n could read these files, belonging to other, possibly privileged processes\n to gather confidential information, such as the length of a password used\n in a process. (CVE-2011-2495, Low)\n\n Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and\n Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\n This update also fixes several bugs. Documentation for these bug fixes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. The system must be rebooted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-27T10:55:13", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-09-12T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1212-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2901", "CVE-2011-2519", "CVE-2011-2482"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870482", "href": "http://plugins.openvas.org/nasl.php?oid=870482", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1212-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A NULL pointer dereference flaw was found in the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation. A remote attacker\n could send a specially-crafted SCTP packet to a target system, resulting in\n a denial of service. (CVE-2011-2482, Important)\n \n * A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\n implementation could allow a local, unprivileged user to cause a denial of\n service. (CVE-2011-2491, Important)\n \n * Buffer overflow flaws in the Linux kernel's netlink-based wireless\n configuration interface implementation could allow a local user, who has\n the CAP_NET_ADMIN capability, to cause a denial of service or escalate\n their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n \n * A flaw was found in the way the Linux kernel's Xen hypervisor\n implementation emulated the SAHF instruction. When using a\n fully-virtualized guest on a host that does not use hardware assisted\n paging (HAP), such as those running CPUs that do not have support for (or\n those that have it disabled) Intel Extended Page Tables (EPT) or AMD\n Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged\n guest user could trigger this flaw to cause the hypervisor to crash.\n (CVE-2011-2519, Moderate)\n \n * An off-by-one flaw was found in the __addr_ok() macro in the Linux\n kernel's Xen hypervisor implementation when running on 64-bit systems. A\n privileged guest user could trigger this flaw to cause the hypervisor to\n crash. (CVE-2011-2901, Moderate)\n \n * /proc/[PID]/io is world-readable by default. Previously, these files\n could be read without any further restrictions. A local, unprivileged user\n could read these files, belonging to other, possibly privileged processes\n to gather confidential information, such as the length of a password used\n in a process. (CVE-2011-2495, Low)\n \n Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and\n Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n \n This update also fixes several bugs. Documentation for these bug fixes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n \n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. The system must be rebooted for this update to take effect.\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00003.html\");\n script_id(870482);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_xref(name: \"RHSA\", value: \"2011:1212-01\");\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_name(\"RedHat Update for kernel RHSA-2011:1212-01\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:43", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1212 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2901", "CVE-2011-2519", "CVE-2011-2482"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:881451", "href": "http://plugins.openvas.org/nasl.php?oid=881451", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1212 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * A NULL pointer dereference flaw was found in the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation. A remote attacker\n could send a specially-crafted SCTP packet to a target system, resulting in\n a denial of service. (CVE-2011-2482, Important)\n \n * A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\n implementation could allow a local, unprivileged user to cause a denial of\n service. (CVE-2011-2491, Important)\n \n * Buffer overflow flaws in the Linux kernel's netlink-based wireless\n configuration interface implementation could allow a local user, who has\n the CAP_NET_ADMIN capability, to cause a denial of service or escalate\n their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n \n * A flaw was found in the way the Linux kernel's Xen hypervisor\n implementation emulated the SAHF instruction. When using a\n fully-virtualized guest on a host that does not use hardware assisted\n paging (HAP), such as those running CPUs that do not have support for (or\n those that have it disabled) Intel Extended Page Tables (EPT) or AMD\n Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged\n guest user could trigger this flaw to cause the hypervisor to crash.\n (CVE-2011-2519, Moderate)\n \n * An off-by-one flaw was found in the __addr_ok() macro in the Linux\n kernel's Xen hypervisor implementation when running on 64-bit systems. A\n privileged guest user could trigger this flaw to cause the hypervisor to\n crash. (CVE-2011-2901, Moderate)\n \n * /proc/[PID]/io is world-readable by default. Previously, these files\n could be read without any further restrictions. A local, unprivileged user\n could read these files, belonging to other, possibly privileged processes\n to gather confidential information, such as the length of a password used\n in a process. (CVE-2011-2495, Low)\n \n Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and\n Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n \n This update also fixes several bugs. Documentation for these bug fixes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n \n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. The system must be rebooted for this update to take effect.\";\n\ntag_affected = \"kernel on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017863.html\");\n script_id(881451);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:54:11 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\",\n \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1212\");\n script_name(\"CentOS Update for kernel CESA-2011:1212 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-12T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1212-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2901", "CVE-2011-2519", "CVE-2011-2482"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870482", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870482", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1212-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870482\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_xref(name:\"RHSA\", value:\"2011:1212-01\");\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_name(\"RedHat Update for kernel RHSA-2011:1212-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A NULL pointer dereference flaw was found in the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation. A remote attacker\n could send a specially-crafted SCTP packet to a target system, resulting in\n a denial of service. (CVE-2011-2482, Important)\n\n * A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\n implementation could allow a local, unprivileged user to cause a denial of\n service. (CVE-2011-2491, Important)\n\n * Buffer overflow flaws in the Linux kernel's netlink-based wireless\n configuration interface implementation could allow a local user, who has\n the CAP_NET_ADMIN capability, to cause a denial of service or escalate\n their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n * A flaw was found in the way the Linux kernel's Xen hypervisor\n implementation emulated the SAHF instruction. When using a\n fully-virtualized guest on a host that does not use hardware assisted\n paging (HAP), such as those running CPUs that do not have support for (or\n those that have it disabled) Intel Extended Page Tables (EPT) or AMD\n Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged\n guest user could trigger this flaw to cause the hypervisor to crash.\n (CVE-2011-2519, Moderate)\n\n * An off-by-one flaw was found in the __addr_ok() macro in the Linux\n kernel's Xen hypervisor implementation when running on 64-bit systems. A\n privileged guest user could trigger this flaw to cause the hypervisor to\n crash. (CVE-2011-2901, Moderate)\n\n * /proc/[PID]/io is world-readable by default. Previously, these files\n could be read without any further restrictions. A local, unprivileged user\n could read these files, belonging to other, possibly privileged processes\n to gather confidential information, such as the length of a password used\n in a process. (CVE-2011-2495, Low)\n\n Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and\n Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\n This update also fixes several bugs. Documentation for these bug fixes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. The system must be rebooted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.3.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1212 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2901", "CVE-2011-2519", "CVE-2011-2482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880995", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1212 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017862.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880995\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_xref(name:\"CESA\", value:\"2011:1212\");\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\",\n \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for kernel CESA-2011:1212 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A NULL pointer dereference flaw was found in the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation. A remote attacker\n could send a specially-crafted SCTP packet to a target system, resulting in\n a denial of service. (CVE-2011-2482, Important)\n\n * A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\n implementation could allow a local, unprivileged user to cause a denial of\n service. (CVE-2011-2491, Important)\n\n * Buffer overflow flaws in the Linux kernel's netlink-based wireless\n configuration interface implementation could allow a local user, who has\n the CAP_NET_ADMIN capability, to cause a denial of service or escalate\n their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n * A flaw was found in the way the Linux kernel's Xen hypervisor\n implementation emulated the SAHF instruction. When using a\n fully-virtualized guest on a host that does not use hardware assisted\n paging (HAP), such as those running CPUs that do not have support for (or\n those that have it disabled) Intel Extended Page Tables (EPT) or AMD\n Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged\n guest user could trigger this flaw to cause the hypervisor to crash.\n (CVE-2011-2519, Moderate)\n\n * An off-by-one flaw was found in the __addr_ok() macro in the Linux\n kernel's Xen hypervisor implementation when running on 64-bit systems. A\n privileged guest user could trigger this flaw to cause the hypervisor to\n crash. (CVE-2011-2901, Moderate)\n\n * /proc/[PID]/io is world-readable by default. Previously, these files\n could be read without any further restrictions. A local, unprivileged user\n could read these files, belonging to other, possibly privileged processes\n to gather confidential information, such as the length of a password used\n in a process. (CVE-2011-2495, Low)\n\n Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and\n Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\n This update also fixes several bugs. Documentation for these bug fixes will\n be available shortly from the Technical Notes document linked to in the\n References section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs noted in the Technical\n Notes. The system must be rebooted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.3.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:07", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1225-1", "cvss3": {}, "published": "2011-10-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1225-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1776", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840764", "href": "http://plugins.openvas.org/nasl.php?oid=840764", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1225_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1225-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1225-1\";\ntag_affected = \"linux on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1225-1/\");\n script_id(840764);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1225-1\");\n script_cve_id(\"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2928\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1225-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:18:13", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1225-1", "cvss3": {}, "published": "2011-10-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1225-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1776", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840764", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840764", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1225_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1225-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1225-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840764\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1225-1\");\n script_cve_id(\"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2928\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1225-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1225-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-386\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-generic\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa32\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-hppa64\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-itanium\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpia\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-lpiacompat\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-mckinley\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-openvz\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc-smp\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-powerpc64-smp\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-rt\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-server\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-sparc64-smp\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-virtual\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-29-xen\", ver:\"2.6.24-29.94\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:54", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1281-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1281-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2479", "CVE-2011-2905", "CVE-2011-2183", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840818", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840818", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1281_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1281-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1281-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840818\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:12 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1281-1\");\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2479\", \"CVE-2011-2491\", \"CVE-2011-2494\",\n \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2905\",\n \"CVE-2011-2909\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1281-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1281-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n It was discovered that an mmap() call with the MAP_PRIVATE flag on\n '/dev/zero' was incorrectly handled. A local attacker could exploit this to\n crash the system, leading to a denial of service. (CVE-2011-2479)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Vasiliy Kulikov discovered that the Comedi driver did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-2909)\n\n Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had\n no prefixpaths. A local attacker with access to a CIFS partition could\n exploit this to crash the system, leading to a denial of service.\n (CVE-2011-3363)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.17\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1281-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1281-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2495", "CVE-2011-2909", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-2479", "CVE-2011-2905", "CVE-2011-2183", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840818", "href": "http://plugins.openvas.org/nasl.php?oid=840818", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1281_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1281-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andrea Righi discovered a race condition in the KSM memory merging support.\n If KSM was being used, a local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2183)\n\n It was discovered that an mmap() call with the MAP_PRIVATE flag on\n "/dev/zero" was incorrectly handled. A local attacker could exploit this to\n crash the system, leading to a denial of service. (CVE-2011-2479)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Vasiliy Kulikov discovered that the Comedi driver did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-2909)\n\n Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had\n no prefixpaths. A local attacker with access to a CIFS partition could\n exploit this to crash the system, leading to a denial of service.\n (CVE-2011-3363)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1281-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1281-1/\");\n script_id(840818);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:12 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1281-1\");\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2479\", \"CVE-2011-2491\", \"CVE-2011-2494\",\n \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2905\",\n \"CVE-2011-2909\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1281-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.17\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1219-1", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-maverick USN-1219-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840762", "href": "http://plugins.openvas.org/nasl.php?oid=840762", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1219_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-maverick USN-1219-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n \n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n The performance counter subsystem did not correctly handle certain\n counters. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-2918)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1219-1\";\ntag_affected = \"linux-lts-backport-maverick on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1219-1/\");\n script_id(840762);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1219-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-lts-backport-maverick USN-1219-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.60~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.60~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.60~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.60~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:16:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1227-1", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1227-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1227_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1227-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1227-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840773\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1227-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1227-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1227-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n The performance counter subsystem did not correctly handle certain\n counters. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-2918)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-omap\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc-smp\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc64-smp\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-versatile\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:18:32", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1219-1", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-maverick USN-1219-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840762", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840762", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1219_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-maverick USN-1219-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1219-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840762\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1219-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-lts-backport-maverick USN-1219-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1219-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-maverick on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n The performance counter subsystem did not correctly handle certain\n counters. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-2918)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.60~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.60~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.60~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.60~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:22", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1227-1", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1227-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840773", "href": "http://plugins.openvas.org/nasl.php?oid=840773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1227_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1227-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n \n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n The performance counter subsystem did not correctly handle certain\n counters. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-2918)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1227-1\";\ntag_affected = \"linux on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1227-1/\");\n script_id(840773);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1227-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1227-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-generic-pae\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-omap\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc-smp\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-powerpc64-smp\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-server\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-versatile\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-30-virtual\", ver:\"2.6.35-30.60\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:15:44", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1239-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1239-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1239_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-1239-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1239-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840796\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1239-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1239-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1239-1\");\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-319-ec2\", ver:\"2.6.32-319.39\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:15:45", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1245-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1245-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1245_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-mvl-dove USN-1245-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1245-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840786\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1245-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1245-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1245-1\");\n script_tag(name:\"affected\", value:\"linux-mvl-dove on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-419-dove\", ver:\"2.6.32-419.37\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:15:34", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1253-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1253-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1253_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1253-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1253-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840804\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:59:23 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1253-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1253-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1253-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-386\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-generic\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-generic-pae\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-ia64\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-lpia\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc64-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-preempt\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-server\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-sparc64\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-sparc64-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-versatile\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-virtual\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:14", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1239-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1239-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840796", "href": "http://plugins.openvas.org/nasl.php?oid=840796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1239_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ec2 USN-1239-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1239-1\";\ntag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1239-1/\");\n script_id(840796);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1239-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1239-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-319-ec2\", ver:\"2.6.32-319.39\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:04", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1245-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1245-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840786", "href": "http://plugins.openvas.org/nasl.php?oid=840786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1245_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-mvl-dove USN-1245-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1245-1\";\ntag_affected = \"linux-mvl-dove on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1245-1/\");\n script_id(840786);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1245-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1245-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-419-dove\", ver:\"2.6.32-419.37\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:40", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1240-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1240-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840788", "href": "http://plugins.openvas.org/nasl.php?oid=840788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1240_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-mvl-dove USN-1240-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1240-1\";\ntag_affected = \"linux-mvl-dove on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1240-1/\");\n script_id(840788);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1240-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1240-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-219-dove\", ver:\"2.6.32-219.37\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1253-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1253-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840804", "href": "http://plugins.openvas.org/nasl.php?oid=840804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1253_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1253-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1253-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1253-1/\");\n script_id(840804);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:59:23 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1253-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1253-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-386\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-generic\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-generic-pae\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-ia64\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-lpia\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc64-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-preempt\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-server\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-sparc64\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-sparc64-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-versatile\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-virtual\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:16:02", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1240-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1240-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1240_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-mvl-dove USN-1240-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1240-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840788\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1240-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1240-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1240-1\");\n script_tag(name:\"affected\", value:\"linux-mvl-dove on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-219-dove\", ver:\"2.6.32-219.37\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:37", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1274-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1274-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840816", "href": "http://plugins.openvas.org/nasl.php?oid=840816", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1274_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-mvl-dove USN-1274-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1274-1\";\ntag_affected = \"linux-mvl-dove on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1274-1/\");\n script_id(840816);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:01:58 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1274-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1274-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-420-dove\", ver:\"2.6.32-420.38\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:26:51", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1269-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1269-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840823", "href": "http://plugins.openvas.org/nasl.php?oid=840823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1269_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ec2 USN-1269-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1269-1\";\ntag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1269-1/\");\n script_id(840823);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:55 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1269-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1269-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-340-ec2\", ver:\"2.6.32-340.40\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:51", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1274-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1274-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840816", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1274_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-mvl-dove USN-1274-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1274-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840816\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:01:58 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1274-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1274-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1274-1\");\n script_tag(name:\"affected\", value:\"linux-mvl-dove on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-420-dove\", ver:\"2.6.32-420.38\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:32", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1269-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1269-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2491", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1269_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-1269-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1269-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840823\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:03:55 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1269-1\");\n script_cve_id(\"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\", \"CVE-2011-2525\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1269-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1269-1\");\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n It was discovered that the wireless stack incorrectly verified SSID\n lengths. A local attacker could exploit this to cause a denial of service\n or gain root privileges. (CVE-2011-2517)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-340-ec2\", ver:\"2.6.32-340.40\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:16:28", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1246-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1246-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1246_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1246-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1246-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840793\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1246-1\");\n script_cve_id(\"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\",\n \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1246-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1246-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic-pae\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-omap\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc-smp\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc64-smp\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-server\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-versatile\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-virtual\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:41", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1246-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1246-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840793", "href": "http://plugins.openvas.org/nasl.php?oid=840793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1246_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1246-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1246-1\";\ntag_affected = \"linux on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1246-1/\");\n script_id(840793);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1246-1\");\n script_cve_id(\"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\",\n \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1246-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic-pae\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-omap\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc-smp\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc64-smp\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-server\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-versatile\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-virtual\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:16:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1256-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1256-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1768", "CVE-2011-2918", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2493", "CVE-2011-2491", "CVE-2011-1478", "CVE-2011-1776", "CVE-2011-1767", "CVE-2011-2517", "CVE-2011-1771", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2484", "CVE-2011-2909", "CVE-2011-3209", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1581", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-1833", "CVE-2011-2700", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-2479", "CVE-2011-2905", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-1493", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1479", "CVE-2011-2183", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-1080", "CVE-2011-1585", "CVE-2011-1577", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1256_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1256-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1256-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840802\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:55:49 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1256-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\",\n \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\",\n \"CVE-2010-4250\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\",\n \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\",\n \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\",\n \"CVE-2011-1833\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\",\n \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\",\n \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\",\n \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\",\n \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\",\n \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\",\n \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1256-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1256-1\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-natty on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n\n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n\n Johan Hovold discovered that the DCCP network stack did not correctly\n handle certain packet combinations. A remote attacker could send specially\n crafted network traffic that would crash the system, leading to a denial of\n service. (CVE-2011-1093)\n\n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n\n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n\n Ryan Sweat discovered that the GRO code did not correctly validate memory.\n In some configurations on systems using VLANs, a remote attacker could send\n specially crafted traffic to crash the system, leading to a denial of\n service. (CVE-2011-1478)\n\n It was discovered that the security fix for CVE-2010-4250 introduced a\n regression. A remote attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2011-1479)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n\n It was discovered that the Stream Control Transmission Protocol (SCTP)\n implementation incorrectly calculated length ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic-pae\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-server\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-virtual\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2017-12-04T11:27:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1256-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-natty USN-1256-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1768", "CVE-2011-2918", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2011-1078", "CVE-2011-2493", "CVE-2011-2491", "CVE-2011-1478", "CVE-2011-1776", "CVE-2011-1767", "CVE-2011-2517", "CVE-2011-1771", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2484", "CVE-2011-2909", "CVE-2011-3209", "CVE-2011-1180", "CVE-2011-1079", "CVE-2011-1581", "CVE-2011-2494", "CVE-2011-3363", "CVE-2011-1833", "CVE-2011-2700", "CVE-2010-4250", "CVE-2011-1093", "CVE-2011-1020", "CVE-2011-2479", "CVE-2011-2905", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-1493", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-1479", "CVE-2011-2183", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-1080", "CVE-2011-1585", "CVE-2011-1577", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840802", "href": "http://plugins.openvas.org/nasl.php?oid=840802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1256_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-lts-backport-natty USN-1256-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\n memory. A local attacker could exploit this to read kernel stack memory,\n leading to a loss of privacy. (CVE-2011-1078)\n\n Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check\n that device name strings were NULL terminated. A local attacker could\n exploit this to crash the system, leading to a denial of service, or leak\n contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1079)\n\n Vasiliy Kulikov discovered that bridge network filtering did not check that\n name fields were NULL terminated. A local attacker could exploit this to\n leak contents of kernel stack memory, leading to a loss of privacy.\n (CVE-2011-1080)\n\n Johan Hovold discovered that the DCCP network stack did not correctly\n handle certain packet combinations. A remote attacker could send specially\n crafted network traffic that would crash the system, leading to a denial of\n service. (CVE-2011-1093)\n\n Peter Huewe discovered that the TPM device did not correctly initialize\n memory. A local attacker could exploit this to read kernel heap memory\n contents, leading to a loss of privacy. (CVE-2011-1160)\n\n Dan Rosenberg discovered that the IRDA subsystem did not correctly check\n certain field sizes. If a system was using IRDA, a remote attacker could\n send specially crafted traffic to crash the system or gain root privileges.\n (CVE-2011-1180)\n\n Ryan Sweat discovered that the GRO code did not correctly validate memory.\n In some configurations on systems using VLANs, a remote attacker could send\n specially crafted traffic to crash the system, leading to a denial of\n service. (CVE-2011-1478)\n\n It was discovered that the security fix for CVE-2010-4250 introduced a\n regression. A remote attacker could exploit this to crash the system,\n leading to a denial of service. (CVE-2011-1479)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n\n It was discovered that the Stream Control Transmission Protocol (SCTP)\n implementation incorrectly calculated length ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1256-1\";\ntag_affected = \"linux-lts-backport-natty on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1256-1/\");\n script_id(840802);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:55:49 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1256-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\",\n \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\",\n \"CVE-2010-4250\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\",\n \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\",\n \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\",\n \"CVE-2011-1833\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\",\n \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\",\n \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\",\n \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\",\n \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\",\n \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\",\n \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\");\n script_name(\"Ubuntu Update for linux-lts-backport-natty USN-1256-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic-pae\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-server\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-virtual\", ver:\"2.6.38-12.51~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:26:28", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1211-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1211-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2492", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-2689"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840749", "href": "http://plugins.openvas.org/nasl.php?oid=840749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1211_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1211-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n \n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n It was discovered that Bluetooth l2cap and rfcomm did not correctly\n initialize structures. A local attacker could exploit this to read portions\n of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n \n It was discovered that GFS2 did not correctly check block sizes. A local\n attacker could exploit this to crash the system, leading to a denial of\n service. (CVE-2011-2689)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n The performance counter subsystem did not correctly handle certain\n counters. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-2918)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1211-1\";\ntag_affected = \"linux on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1211-1/\");\n script_id(840749);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1211-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1493\", \"CVE-2011-1833\", \"CVE-2011-2492\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux USN-1211-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-generic\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-generic-pae\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-omap\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc-smp\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc64-smp\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-server\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-versatile\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-virtual\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:31", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1211-1", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1211-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2492", "CVE-2011-2699", "CVE-2011-1833", "CVE-2011-1020", "CVE-2011-1493", "CVE-2011-2689"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840749", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1211_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1211-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1211-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840749\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1211-1\");\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1493\", \"CVE-2011-1833\", \"CVE-2011-2492\", \"CVE-2011-2689\", \"CVE-2011-2699\", \"CVE-2011-2918\");\n script_name(\"Ubuntu Update for linux USN-1211-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1211-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the /proc filesystem did not correctly handle\n permission changes when programs executed. A local attacker could hold open\n files to examine details about programs running with higher privileges,\n potentially increasing the chances of exploiting additional\n vulnerabilities. (CVE-2011-1020)\n\n Dan Rosenberg discovered that the X.25 Rose network stack did not correctly\n handle certain fields. If a system was running with Rose enabled, a remote\n attacker could send specially crafted traffic to gain root privileges.\n (CVE-2011-1493)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n It was discovered that Bluetooth l2cap and rfcomm did not correctly\n initialize structures. A local attacker could exploit this to read portions\n of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n\n It was discovered that GFS2 did not correctly check block sizes. A local\n attacker could exploit this to crash the system, leading to a denial of\n service. (CVE-2011-2689)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n The performance counter subsystem did not correctly handle certain\n counters. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2011-2918)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-generic\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-generic-pae\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-omap\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc-smp\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-powerpc64-smp\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-server\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-versatile\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-11-virtual\", ver:\"2.6.38-11.50\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:55:57", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-08-27T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-11103", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2010-4073", "CVE-2010-4668", "CVE-2010-4072", "CVE-2011-1746", "CVE-2011-1494", "CVE-2011-2517", "CVE-2011-1598", "CVE-2010-2963", "CVE-2011-2699", "CVE-2011-2484", "CVE-2010-3698", "CVE-2011-1770", "CVE-2011-1495", "CVE-2010-3880", "CVE-2011-2905", "CVE-2011-1748", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2010-2962", "CVE-2011-1745", "CVE-2011-2183"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863447", "href": "http://plugins.openvas.org/nasl.php?oid=863447", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-11103\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 14\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064393.html\");\n script_id(863447);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-27 16:37:49 +0200 (Sat, 27 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-11103\");\n script_cve_id(\"CVE-2011-2905\", \"CVE-2011-2695\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2699\", \"CVE-2011-1770\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2010-4668\", \"CVE-2010-4073\", \"CVE-2010-4072\", \"CVE-2010-3880\", \"CVE-2010-2962\", \"CVE-2010-3698\", \"CVE-2010-2963\", \"CVE-2010-3904\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2183\");\n script_name(\"Fedora Update for kernel FEDORA-2011-11103\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.14~95.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-27T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2011-11103", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2010-4073", "CVE-2010-4668", "CVE-2010-4072", "CVE-2011-1746", "CVE-2011-1494", "CVE-2011-2517", "CVE-2011-1598", "CVE-2010-2963", "CVE-2011-2699", "CVE-2011-2484", "CVE-2010-3698", "CVE-2011-1770", "CVE-2011-1495", "CVE-2010-3880", "CVE-2011-2905", "CVE-2011-1748", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2010-2962", "CVE-2011-1745", "CVE-2011-2183"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863447", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863447", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2011-11103\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064393.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863447\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-27 16:37:49 +0200 (Sat, 27 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-11103\");\n script_cve_id(\"CVE-2011-2905\", \"CVE-2011-2695\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2699\", \"CVE-2011-1770\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2010-4668\", \"CVE-2010-4073\", \"CVE-2010-4072\", \"CVE-2010-3880\", \"CVE-2010-2962\", \"CVE-2010-3698\", \"CVE-2010-2963\", \"CVE-2010-3904\", \"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2183\");\n script_name(\"Fedora Update for kernel FEDORA-2011-11103\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.14~95.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-08T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2011-8403", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1583", "CVE-2011-1898"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2011-8403\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863313\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-8403\");\n script_cve_id(\"CVE-2011-1898\", \"CVE-2011-1583\");\n script_name(\"Fedora Update for xen FEDORA-2011-8403\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"xen on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.0.2~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:34:52", "description": "Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSecurity issues :\n\n* Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially crafted request to a target system via Bluetooth. (CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.\n(CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service.\n(CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491;\nDan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-08-24T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:1189)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/55964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1189. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55964);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_bugtraq_id(47003, 47497, 47796, 48333, 48441, 48472, 48515, 48538, 48677, 48697, 48907, 49141);\n script_xref(name:\"RHSA\", value:\"2011:1189\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:1189)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues, various\nbugs, and add two enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSecurity issues :\n\n* Using PCI passthrough without interrupt remapping support allowed\nKVM guests to generate MSI interrupts and thus potentially inject\ntraps. A privileged guest user could use this flaw to crash the host\nor possibly escalate their privileges on the host. The fix for this\nissue can prevent PCI passthrough working and guests starting. Refer\nto Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-2491,\nImportant)\n\n* Integer underflow in the Bluetooth implementation could allow a\nremote attacker to cause a denial of service or escalate their\nprivileges by sending a specially crafted request to a target system\nvia Bluetooth. (CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration\ninterface implementation could allow a local user, who has the\nCAP_NET_ADMIN capability, to cause a denial of service or escalate\ntheir privileges on systems that have an active wireless interface.\n(CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file\nsystems could allow a local, unprivileged user to cause a denial of\nservice. (CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An\nattacker on the local network could use this flaw to send crafted\npackets to a target, possibly causing a denial of service.\n(CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* Race condition in the memory merging support (KSM) could allow a\nlocal, unprivileged user to cause a denial of service. KSM is off by\ndefault, but on systems running VDSM, or on KVM hosts, it is likely\nturned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user\nto cause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2\n(GFS2) implementation. If the file system was almost full, and a\nlocal, unprivileged user made an fallocate() request, it could result\nin a denial of service. Setting quotas to prevent users from using all\navailable disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo\nsystem call, with si_code set to SI_TKILL and with spoofed process and\nuser IDs, to other processes. This flaw does not allow existing\npermission checks to be bypassed; signals can only be sent if your\nprivileges allow you to already do so. (CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation\ncould allow a local attacker to cause a denial of service by mounting\na disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491;\nDan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan\nSweat for reporting CVE-2011-1576; Robert Swiecki for reporting\nCVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes\nof the Google Security Team for reporting CVE-2011-1182; Timo Warns\nfor reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for\nreporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting\nCVE-2011-2495.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2695\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1189\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1189\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1189\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:51", "description": "Security issues :\n\n - Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. (CVE-2011-1898, Important)\n\n - Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially crafted request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n - Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n - Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n - Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n - Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n - Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2213, Moderate)\n\n - Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\n - Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n - Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\n - /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process.\n (CVE-2011-2495, Low)", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110823_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61118);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues :\n\n - Using PCI passthrough without interrupt remapping\n support allowed KVM guests to generate MSI interrupts\n and thus potentially inject traps. A privileged guest\n user could use this flaw to crash the host or possibly\n escalate their privileges on the host. The fix for this\n issue can prevent PCI passthrough working and guests\n starting. (CVE-2011-1898, Important)\n\n - Flaw in the client-side NLM implementation could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Integer underflow in the Bluetooth implementation could\n allow a remote attacker to cause a denial of service or\n escalate their privileges by sending a specially crafted\n request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n - Buffer overflows in the netlink-based wireless\n configuration interface implementation could allow a\n local user, who has the CAP_NET_ADMIN capability, to\n cause a denial of service or escalate their privileges\n on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n - Flaw in the way the maximum file offset was handled for\n ext4 file systems could allow a local, unprivileged user\n to cause a denial of service. (CVE-2011-2695, Important)\n\n - Flaw allowed napi_reuse_skb() to be called on VLAN\n packets. An attacker on the local network could use this\n flaw to send crafted packets to a target, possibly\n causing a denial of service. (CVE-2011-1576, Moderate)\n\n - Integer signedness error in next_pidmap() could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - Race condition in the memory merging support (KSM) could\n allow a local, unprivileged user to cause a denial of\n service. KSM is off by default, but on systems running\n VDSM, or on KVM hosts, it is likely turned on by the\n ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n - Flaw in inet_diag_bc_audit() could allow a local,\n unprivileged user to cause a denial of service.\n (CVE-2011-2213, Moderate)\n\n - Flaw in the way space was allocated in the Global File\n System 2 (GFS2) implementation. If the file system was\n almost full, and a local, unprivileged user made an\n fallocate() request, it could result in a denial of\n service. Setting quotas to prevent users from using all\n available disk space would prevent exploitation of this\n flaw. (CVE-2011-2689, Moderate)\n\n - Local, unprivileged users could send signals via the\n sigqueueinfo system call, with si_code set to SI_TKILL\n and with spoofed process and user IDs, to other\n processes. This flaw does not allow existing permission\n checks to be bypassed; signals can only be sent if your\n privileges allow you to already do so. (CVE-2011-1182,\n Low)\n\n - Heap overflow in the EFI GUID Partition Table (GPT)\n implementation could allow a local attacker to cause a\n denial of service by mounting a disk containing crafted\n partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth\n implementation was not initialized properly before being\n copied to user-space, possibly allowing local,\n unprivileged users to leak kernel stack memory to\n user-space. (CVE-2011-2492, Low)\n\n - /proc/[PID]/io is world-readable by default. Previously,\n these files could be read without any further\n restrictions. A local, unprivileged user could read\n these files, belonging to other, possibly privileged\n processes to gather confidential information, such as\n the length of a password used in a process.\n (CVE-2011-2495, Low)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3053\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0e0261b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:55", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1189 advisory.\n\n - kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. (CVE-2011-1182)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. (CVE-2011-1593)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. (CVE-2011-1776)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n (CVE-2011-2213)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. (CVE-2011-2517)\n\n - The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.\n (CVE-2011-2689)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2011-1189)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3880", "CVE-2011-1182", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf"], "id": "ORACLELINUX_ELSA-2011-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/68331", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-1189.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68331);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1182\",\n \"CVE-2011-1576\",\n \"CVE-2011-1593\",\n \"CVE-2011-1776\",\n \"CVE-2011-1898\",\n \"CVE-2011-2183\",\n \"CVE-2011-2213\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2497\",\n \"CVE-2011-2517\",\n \"CVE-2011-2689\",\n \"CVE-2011-2695\"\n );\n script_bugtraq_id(\n 47003,\n 47497,\n 47796,\n 48333,\n 48441,\n 48472,\n 48515,\n 48538,\n 48677,\n 48697,\n 48907,\n 49141\n );\n script_xref(name:\"RHSA\", value:\"2011:1189\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2011-1189)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2011-1189 advisory.\n\n - kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal\n sender via a sigqueueinfo system call. (CVE-2011-1182)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5\n and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor\n and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are\n processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a\n different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4\n allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir\n system call. (CVE-2011-1593)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size\n of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically\n proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive\n information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability\n than CVE-2011-1577. (CVE-2011-1776)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not\n have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI\n interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3,\n when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL\n pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not\n properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite\n loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an\n INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n (CVE-2011-2213)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel\n before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data\n structures, which allows local users to obtain potentially sensitive information from kernel memory via a\n crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in\n net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io\n files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by\n discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel\n before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have\n unspecified other impact via a small command-size value within the command header of a Logical Link\n Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users\n to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID\n value. (CVE-2011-2517)\n\n - The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the\n size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of\n service (BUG and system crash) by arranging for all resource groups to have too little free space.\n (CVE-2011-2689)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to\n cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a\n write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-1189.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2497\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-131.12.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-1189');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-131.12.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:38", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2025 advisory.\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. (CVE-2011-2517)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2025)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el6uekdebug"], "id": "ORACLELINUX_ELSA-2011-2025.NASL", "href": "https://www.tenable.com/plugins/nessus/68421", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2025.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68421);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1576\",\n \"CVE-2011-1898\",\n \"CVE-2011-2183\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2497\",\n \"CVE-2011-2517\",\n \"CVE-2011-2695\"\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2025)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2011-2025 advisory.\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5\n and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor\n and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are\n processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a\n different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not\n have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI\n interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3,\n when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL\n pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel\n before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data\n structures, which allows local users to obtain potentially sensitive information from kernel memory via a\n crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in\n net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io\n files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by\n discovering the length of another user's password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel\n before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have\n unspecified other impact via a small command-size value within the command header of a Logical Link\n Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users\n to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID\n value. (CVE-2011-2517)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to\n cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a\n write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-2025.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2497\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.19.1.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-200.19.1.el5uek', '2.6.32-200.19.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-2025');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-200.19.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-200.19.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.19.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.19.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-200.19.1.el5uek-1.5.1-4.0.28', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el5uek-1.5.1-4.0.28', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el5uekdebug-1.5.1-4.0.28', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el5uekdebug-1.5.1-4.0.28', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-200.19.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-200.19.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.19.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.19.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-200.19.1.el6uek-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el6uek-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.19.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:10", "description": "Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1279-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2905", "CVE-2011-2909"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1279-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56947", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1279-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56947);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n script_bugtraq_id(49140, 49408, 49411, 50314);\n script_xref(name:\"USN\", value:\"1279-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1279-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file,\nan attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-2909).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1279-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1279-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-generic\", pkgver:\"2.6.38-13.52~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-generic-pae\", pkgver:\"2.6.38-13.52~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-server\", pkgver:\"2.6.38-13.52~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-13-virtual\", pkgver:\"2.6.38-13.52~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:25", "description": "Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-30T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : linux vulnerabilities (USN-1285-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2905", "CVE-2011-2909"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1285-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1285-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56978);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n script_bugtraq_id(48101, 48538, 49140, 49141, 49408, 49411, 50314);\n script_xref(name:\"USN\", value:\"1285-1\");\n\n script_name(english:\"Ubuntu 11.04 : linux vulnerabilities (USN-1285-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file,\nan attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-2909).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1285-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2905\", \"CVE-2011-2909\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1285-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-generic\", pkgver:\"2.6.38-13.52\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-generic-pae\", pkgver:\"2.6.38-13.52\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-server\", pkgver:\"2.6.38-13.52\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-versatile\", pkgver:\"2.6.38-13.52\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-13-virtual\", pkgver:\"2.6.38-13.52\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:24", "description": "Update to kernel 2.6.35.14 :\n\nhttp://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.14\n\nNOTE: These upstream commits from 2.6.35.14 were already in the previous Fedora 14 kernel 2.6.35.13-92 :\n\nb934c20de1398d4a82d2ecfeb588a214a910f13f 3cd01976e702ccaffb907727caff4f8789353599 9c047157a20521cd525527947b13b950d168d2e6 6b4e81db2552bad04100e7d5ddeed7e848f53b48 3e9d08ec0a68f6faf718d5a7e050fe5ca0ba004f b522f02184b413955f3bc952e3776ce41edc6355 194b3da873fd334ef183806db751473512af29ce a1f74ae82d133ebb2aabb19d181944b4e83e9960 e9cdd343a5e42c43bcda01e609fa23089e026470 14fb57dccb6e1defe9f89a66f548fcb24c374c1d 221d1d797202984cb874e3ed9f1388593d34ee22 a294865978b701e4d0d90135672749531b9a900d\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-08-23T00:00:00", "type": "nessus", "title": "Fedora 14 : kernel-2.6.35.14-95.fc14 (2011-11103)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1598", "CVE-2011-1748", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2905"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-11103.NASL", "href": "https://www.tenable.com/plugins/nessus/55955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11103.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55955);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\");\n script_bugtraq_id(47503, 47835, 48333, 48383, 48472, 48538, 48697, 48802, 49140);\n script_xref(name:\"FEDORA\", value:\"2011-11103\");\n\n script_name(english:\"Fedora 14 : kernel-2.6.35.14-95.fc14 (2011-11103)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to kernel 2.6.35.14 :\n\nhttp://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.14\n\nNOTE: These upstream commits from 2.6.35.14 were already in the\nprevious Fedora 14 kernel 2.6.35.13-92 :\n\nb934c20de1398d4a82d2ecfeb588a214a910f13f\n3cd01976e702ccaffb907727caff4f8789353599\n9c047157a20521cd525527947b13b950d168d2e6\n6b4e81db2552bad04100e7d5ddeed7e848f53b48\n3e9d08ec0a68f6faf718d5a7e050fe5ca0ba004f\nb522f02184b413955f3bc952e3776ce41edc6355\n194b3da873fd334ef183806db751473512af29ce\na1f74ae82d133ebb2aabb19d181944b4e83e9960\ne9cdd343a5e42c43bcda01e609fa23089e026470\n14fb57dccb6e1defe9f89a66f548fcb24c374c1d\n221d1d797202984cb874e3ed9f1388593d34ee22\na294865978b701e4d0d90135672749531b9a900d\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog-2.6.35.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?13012155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=698057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=710338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=714536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=716805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=722557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=723429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=729808\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064393.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38ec6e06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"kernel-2.6.35.14-95.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:32", "description": "Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "USN-1244-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3873", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2695", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-3363"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1244-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56643", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1244-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56643);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2010-3873\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2695\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-3363\");\n script_xref(name:\"USN\", value:\"1244-1\");\n\n script_name(english:\"USN-1244-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Dan Rosenberg discovered that the Linux kernel X.25 implementation\nincorrectly parsed facilities. A remote attacker could exploit this\nto crash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nAndrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nChristian Ohm discovered that the perf command looks for\nconfiguration files in the current directory. If a privileged user\nwere tricked into running perf in a directory containing a malicious\nconfiguration file, an attacker could run arbitrary commands and\npossibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1244-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-903-omap4\", pkgver:\"2.6.35-903.26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:08", "description": "Fixes some bugs that were caused by upstream stable kernel updates, including a longstanding bug causing oopses when removing USB storage devices and optical media.\n\nFixes stalls on machines with the latest Intel graphics hardware (Sandybridge.)\n\nAlso fixes some important security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-13T00:00:00", "type": "nessus", "title": "Fedora 15 : kernel-2.6.38.8-35.fc15 (2011-9130)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2497", "CVE-2011-2517"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9130.NASL", "href": "https://www.tenable.com/plugins/nessus/55583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9130.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55583);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2497\", \"CVE-2011-2517\");\n script_bugtraq_id(48472, 48538);\n script_xref(name:\"FEDORA\", value:\"2011-9130\");\n\n script_name(english:\"Fedora 15 : kernel-2.6.38.8-35.fc15 (2011-9130)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes some bugs that were caused by upstream stable kernel updates,\nincluding a longstanding bug causing oopses when removing USB storage\ndevices and optical media.\n\nFixes stalls on machines with the latest Intel graphics hardware\n(Sandybridge.)\n\nAlso fixes some important security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=710338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=716805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718152\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062611.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d0387cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"kernel-2.6.38.8-35.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:49", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux vulnerabilities (USN-1272-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1272-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1272-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56914);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_bugtraq_id(48101, 48538);\n script_xref(name:\"USN\", value:\"1272-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux vulnerabilities (USN-1272-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1272-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1272-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-generic\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-generic-pae\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-server\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-versatile\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-virtual\", pkgver:\"2.6.35-31.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:12", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1278-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1585", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1278-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1278-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56946);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_bugtraq_id(47381);\n script_xref(name:\"USN\", value:\"1278-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1278-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1278-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1278-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-generic\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-generic-pae\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-server\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-virtual\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:27:41", "description": "It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "USN-1241-1 : linux-fsl-imx51 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2695", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3363"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56640", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1241-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56640);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_xref(name:\"USN\", value:\"1241-1\");\n\n script_name(english:\"USN-1241-1 : linux-fsl-imx51 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the Stream Control Transmission Protocol\n(SCTP) implementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain\nVLAN packets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for\nconfiguration files in the current directory. If a privileged user\nwere tricked into running perf in a directory containing a malicious\nconfiguration file, an attacker could run arbitrary commands and\npossibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.31-611-imx51\", pkgver:\"2.6.31-611.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T14:22:26", "description": "Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "USN-1228-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1228-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56479", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1228-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56479);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_xref(name:\"USN\", value:\"1228-1\");\n\n script_name(english:\"USN-1228-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Timo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1228-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2011/10/13\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-1209-omap4\", pkgver:\"2.6.38-1209.16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:18", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl 'net.sctp.addip_enable' variable was turned on (it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-07-15T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:0927)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2213", "CVE-2011-2492"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-0927.NASL", "href": "https://www.tenable.com/plugins/nessus/55597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0927. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55597);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_bugtraq_id(46073, 46417, 46488, 46839, 47003, 47308, 47497, 47534, 47535, 47796, 47843, 48333, 48441, 48610);\n script_xref(name:\"RHSA\", value:\"2011:0927\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:0927)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up\ncould allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice if the sysctl 'net.sctp.addip_enable' variable was turned on\n(it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local, unprivileged user to cause a\ndenial of service or escalate their privileges. (CVE-2011-1745,\nCVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially crafted packets to a target system, possibly causing\na denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems\nthat have an Intel x86 processor with the Intel VT-x extension\nenabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged\nuser to cause a denial of service (infinite loop). (CVE-2011-2213,\nModerate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with\nspoofed process and user IDs, to other processes. Note: This flaw does\nnot allow existing permission checks to be bypassed; signals can only\nbe sent if your privileges allow you to already do so. (CVE-2011-1182,\nLow)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of\nservice by mounting a disk containing specially crafted partition\ntables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki\nfor reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213\nand CVE-2011-0711; Julien Tinnes of the Google Security Team for\nreporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and\nMarek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical\nNotes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2492\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0927\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:0927\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0927\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.19.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.19.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:21", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl 'net.sctp.addip_enable' variable was turned on (it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-07-19T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2011:0927)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2213", "CVE-2011-2492"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0927.NASL", "href": "https://www.tenable.com/plugins/nessus/55609", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0927 and \n# CentOS Errata and Security Advisory 2011:0927 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55609);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_bugtraq_id(46073, 46417, 46488, 46839, 47003, 47308, 47497, 47534, 47535, 47796, 47843, 48333, 48441, 48610);\n script_xref(name:\"RHSA\", value:\"2011:0927\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:0927)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up\ncould allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice if the sysctl 'net.sctp.addip_enable' variable was turned on\n(it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local, unprivileged user to cause a\ndenial of service or escalate their privileges. (CVE-2011-1745,\nCVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially crafted packets to a target system, possibly causing\na denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems\nthat have an Intel x86 processor with the Intel VT-x extension\nenabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged\nuser to cause a denial of service (infinite loop). (CVE-2011-2213,\nModerate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with\nspoofed process and user IDs, to other processes. Note: This flaw does\nnot allow existing permission checks to be bypassed; signals can only\nbe sent if your privileges allow you to already do so. (CVE-2011-1182,\nLow)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of\nservice by mounting a disk containing specially crafted partition\ntables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki\nfor reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213\nand CVE-2011-0711; Julien Tinnes of the Google Security Team for\nreporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and\nMarek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical\nNotes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-July/017646.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8d65c9da\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-July/017647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d98f161\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-238.19.1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:53", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)\n\n - A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service. (CVE-2011-0695, Important)\n\n - A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl 'net.sctp.addip_enable' variable was turned on (it is off by default). (CVE-2011-1573, Important)\n\n - Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n - An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n - A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n - An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)\n\n - A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n - A missing initialization flaw in the XFS file system implementation could lead to an information leak.\n (CVE-2011-0711, Low)\n\n - A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1044, Low)\n\n - A missing validation check was found in the signals implementation. A local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n - A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially crafted partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\nThis update fixes several bugs.\n\nThe system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2213", "CVE-2011-2492"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110715_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61083);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - An integer overflow flaw in ib_uverbs_poll_cq() could\n allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2010-4649,\n Important)\n\n - A race condition in the way new InfiniBand connections\n were set up could allow a remote user to cause a denial\n of service. (CVE-2011-0695, Important)\n\n - A flaw in the Stream Control Transmission Protocol\n (SCTP) implementation could allow a remote attacker to\n cause a denial of service if the sysctl\n 'net.sctp.addip_enable' variable was turned on (it is\n off by default). (CVE-2011-1573, Important)\n\n - Flaws in the AGPGART driver implementation when handling\n certain IOCTL commands could allow a local, unprivileged\n user to cause a denial of service or escalate their\n privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n - An integer overflow flaw in agp_allocate_memory() could\n allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1746,\n Important)\n\n - A flaw allowed napi_reuse_skb() to be called on VLAN\n (virtual LAN) packets. An attacker on the local network\n could trigger this flaw by sending specially crafted\n packets to a target system, possibly causing a denial of\n service. (CVE-2011-1576, Moderate)\n\n - An integer signedness error in next_pidmap() could allow\n a local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - A flaw in the way the Xen hypervisor implementation\n handled CPUID instruction emulation during virtual\n machine exits could allow an unprivileged guest user to\n crash a guest. This only affects systems that have an\n Intel x86 processor with the Intel VT-x extension\n enabled. (CVE-2011-1936, Moderate)\n\n - A flaw in inet_diag_bc_audit() could allow a local,\n unprivileged user to cause a denial of service (infinite\n loop). (CVE-2011-2213, Moderate)\n\n - A missing initialization flaw in the XFS file system\n implementation could lead to an information leak.\n (CVE-2011-0711, Low)\n\n - A flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause an information leak.\n (CVE-2011-1044, Low)\n\n - A missing validation check was found in the signals\n implementation. A local, unprivileged user could use\n this flaw to send signals via the sigqueueinfo system\n call, with the si_code set to SI_TKILL and with spoofed\n process and user IDs, to other processes. Note: This\n flaw does not allow existing permission checks to be\n bypassed; signals can only be sent if your privileges\n allow you to already do so. (CVE-2011-1182, Low)\n\n - A heap overflow flaw in the EFI GUID Partition Table\n (GPT) implementation could allow a local attacker to\n cause a denial of service by mounting a disk containing\n specially crafted partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth\n implementation was not initialized properly before being\n copied to user-space, possibly allowing local,\n unprivileged users to leak kernel stack memory to\n user-space. (CVE-2011-2492, Low)\n\nThis update fixes several bugs.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=1940\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e210468e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-238.19.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:38", "description": "From Red Hat Security Advisory 2011:0927 :\n\nUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl 'net.sctp.addip_enable' variable was turned on (it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2011-0927)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2213", "CVE-2011-2492"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-0927.NASL", "href": "https://www.tenable.com/plugins/nessus/68304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0927 and \n# Oracle Linux Security Advisory ELSA-2011-0927 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68304);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_bugtraq_id(46073, 46417, 46488, 46839, 47003, 47308, 47497, 47534, 47535, 47796, 47843, 48333, 48441, 48610);\n script_xref(name:\"RHSA\", value:\"2011:0927\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2011-0927)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0927 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up\ncould allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice if the sysctl 'net.sctp.addip_enable' variable was turned on\n(it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local, unprivileged user to cause a\ndenial of service or escalate their privileges. (CVE-2011-1745,\nCVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially crafted packets to a target system, possibly causing\na denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems\nthat have an Intel x86 processor with the Intel VT-x extension\nenabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged\nuser to cause a denial of service (infinite loop). (CVE-2011-2213,\nModerate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with\nspoofed process and user IDs, to other processes. Note: This flaw does\nnot allow existing permission checks to be bypassed; signals can only\nbe sent if your privileges allow you to already do so. (CVE-2011-1182,\nLow)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of\nservice by mounting a disk containing specially crafted partition\ntables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki\nfor reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213\nand CVE-2011-0711; Julien Tinnes of the Google Security Team for\nreporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and\nMarek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical\nNotes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002231.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-0927\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-238.19.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:19:36", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-09-30T00:00:00", "type": "nessus", "title": "USN-1220-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1220-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56345", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1220-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56345);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_xref(name:\"USN\", value:\"1220-1\");\n\n script_name(english:\"USN-1220-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain\nVLAN packets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1220-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2011/09/30\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-903-omap4\", pkgver:\"2.6.35-903.25\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:47", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2011-2482, Important)\n\n* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Buffer overflow flaws in the Linux kernel's netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)\n\n* An off-by-one flaw was found in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems.\nA privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-09-07T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1212)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2901"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1212.NASL", "href": "https://www.tenable.com/plugins/nessus/56110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1212. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56110);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_bugtraq_id(48538, 49141, 49370, 49373, 49375, 49408);\n script_xref(name:\"RHSA\", value:\"2011:1212\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1212)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A NULL pointer dereference flaw was found in the Linux kernel's\nStream Control Transmission Protocol (SCTP) implementation. A remote\nattacker could send a specially crafted SCTP packet to a target\nsystem, resulting in a denial of service. (CVE-2011-2482, Important)\n\n* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)\nimplementation could allow a local, unprivileged user to cause a\ndenial of service. (CVE-2011-2491, Important)\n\n* Buffer overflow flaws in the Linux kernel's netlink-based wireless\nconfiguration interface implementation could allow a local user, who\nhas the CAP_NET_ADMIN capability, to cause a denial of service or\nescalate their privileges on systems that have an active wireless\ninterface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor\nimplementation emulated the SAHF instruction. When using a\nfully-virtualized guest on a host that does not use hardware assisted\npaging (HAP), such as those running CPUs that do not have support for\n(or those that have it disabled) Intel Extended Page Tables (EPT) or\nAMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a\nprivileged guest user could trigger this flaw to cause the hypervisor\nto crash. (CVE-2011-2519, Moderate)\n\n* An off-by-one flaw was found in the __addr_ok() macro in the Linux\nkernel's Xen hypervisor implementation when running on 64-bit systems.\nA privileged guest user could trigger this flaw to cause the\nhypervisor to crash. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491,\nand Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2901\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1212\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1212\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1212\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-274.3.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-274.3.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:37:00", "description": "Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages contain the Linux kernel.\n\nThis update fixes the following security issues :\n\n* A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service by sending a specially crafted SCTP packet to a target system.\n(CVE-2011-2482, Important)\n\nIf you do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following to the end of the '/etc/modprobe.d/blacklist.conf' file :\n\nblacklist sctp\n\nThis way, the sctp module cannot be loaded accidentally, which may occur if an application that requires SCTP is started. A reboot is not necessary for this change to take effect.\n\n* A flaw in the client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service.\n(CVE-2011-2491, Important)\n\n* Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)\n\n* A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems could allow a privileged guest user to crash the hypervisor. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes the following bugs :\n\n* On Broadcom PCI cards that use the tg3 driver, the operational state of a network device, represented by the value in '/sys/class/net/ethX/operstate', was not initialized by default.\nConsequently, the state was reported as 'unknown' when the tg3 network device was actually in the 'up' state. This update modifies the tg3 driver to properly set the operstate value. (BZ#744699)\n\n* A KVM (Kernel-based Virtual Machine) guest can get preempted by the host, when a higher priority process needs to run. When a guest is not running for several timer interrupts in a row, ticks could be lost, resulting in the jiffies timer advancing slower than expected and timeouts taking longer than expected. To correct for the issue of lost ticks, do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when running as a KVM guest) to see if timer interrupts have been missed. If so, jiffies is incremented by the number of missed timer interrupts, ensuring that programs are woken up on time.\n(BZ#747874)\n\n* When a block device object was allocated, the bd_super field was not being explicitly initialized to NULL. Previously, users of the block device object could set bd_super to NULL when the object was released by calling the kill_block_super() function. Certain third-party file systems do not always use this function, and bd_super could therefore become uninitialized when the object was allocated again. This could cause a kernel panic in the blkdev_releasepage() function, when the uninitialized bd_super field was dereferenced. Now, bd_super is properly initialized in the bdget() function, and the kernel panic no longer occurs. (BZ#751137)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1813)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2901"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-1813.NASL", "href": "https://www.tenable.com/plugins/nessus/64015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1813. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64015);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2901\");\n script_bugtraq_id(48538, 49141, 49370, 49373, 49375, 49408);\n script_xref(name:\"RHSA\", value:\"2011:1813\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1813)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and various\nbugs are now available for Red Hat Enterprise Linux 5.6 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages contain the Linux kernel.\n\nThis update fixes the following security issues :\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice by sending a specially crafted SCTP packet to a target system.\n(CVE-2011-2482, Important)\n\nIf you do not run applications that use SCTP, you can prevent the sctp\nmodule from being loaded by adding the following to the end of the\n'/etc/modprobe.d/blacklist.conf' file :\n\nblacklist sctp\n\nThis way, the sctp module cannot be loaded accidentally, which may\noccur if an application that requires SCTP is started. A reboot is not\nnecessary for this change to take effect.\n\n* A flaw in the client-side NFS Lock Manager (NLM) implementation\ncould allow a local, unprivileged user to cause a denial of service.\n(CVE-2011-2491, Important)\n\n* Flaws in the netlink-based wireless configuration interface could\nallow a local user, who has the CAP_NET_ADMIN capability, to cause a\ndenial of service or escalate their privileges on systems that have an\nactive wireless interface. (CVE-2011-2517, Important)\n\n* A flaw was found in the way the Linux kernel's Xen hypervisor\nimplementation emulated the SAHF instruction. When using a\nfully-virtualized guest on a host that does not use hardware assisted\npaging (HAP), such as those running CPUs that do not have support for\n(or those that have it disabled) Intel Extended Page Tables (EPT) or\nAMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a\nprivileged guest user could trigger this flaw to cause the hypervisor\nto crash. (CVE-2011-2519, Moderate)\n\n* A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor\nimplementation when running on 64-bit systems could allow a privileged\nguest user to crash the hypervisor. (CVE-2011-2901, Moderate)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491,\nand Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.\n\nThis update also fixes the following bugs :\n\n* On Broadcom PCI cards that use the tg3 driver, the operational state\nof a network device, represented by the value in\n'/sys/class/net/ethX/operstate', was not initialized by default.\nConsequently, the state was reported as 'unknown' when the tg3 network\ndevice was actually in the 'up' state. This update modifies the tg3\ndriver to properly set the operstate value. (BZ#744699)\n\n* A KVM (Kernel-based Virtual Machine) guest can get preempted by the\nhost, when a higher priority process needs to run. When a guest is not\nrunning for several timer interrupts in a row, ticks could be lost,\nresulting in the jiffies timer advancing slower than expected and\ntimeouts taking longer than expected. To correct for the issue of lost\nticks, do_timer_tsc_timekeeping() checks a reference clock source\n(kvm-clock when running as a KVM guest) to see if timer interrupts\nhave been missed. If so, jiffies is incremented by the number of\nmissed timer interrupts, ensuring that programs are woken up on time.\n(BZ#747874)\n\n* When a block device object was allocated, the bd_super field was not\nbeing explicitly initialized to NULL. Previously, users of the block\ndevice object could set bd_super to NULL when the object was released\nby calling the kill_block_super() function. Certain third-party file\nsystems do not always use this function, and bd_super could therefore\nbecome uninitialized when the object was allocated again.

kernel security, bug fix, and enhancement update

Description

Related