The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization
Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.
It includes everything necessary to run and manage virtual machines: A
subset of the Red Hat Enterprise Linux operating environment and the Red
Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.

A flaw was found that allowed napi_reuse_skb() to be called on VLAN
(virtual LAN) packets. An attacker on the local network could trigger this
flaw by sending specially crafted packets to a target system, possibly
causing a denial of service. (CVE-2011-1576)

Red Hat would like to thank Ryan Sweat for reporting CVE-2011-1576.

This updated package provides updated components that include fixes for
security issues; however, these issues have no security impact for Red Hat
Enterprise Virtualization Hypervisor. These fixes are for bash issue
CVE-2008-5374; curl issue CVE-2011-2192; kernel issues CVE-2010-4649,
CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573,
CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1780,
CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-2525,
and CVE-2011-2689; libvirt issue CVE-2011-2511; and rsync issue
CVE-2007-6200.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

As Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug
fixes from the KVM update RHBA-2011:1068 have been included in this update:
https://rhn.redhat.com/errata/RHBA-2011-1068.html

Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which resolves this issue and fixes the
bugs noted in the Technical Notes.
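The advisory's only remedy is the rebuilt rhev-hypervisor package, so the practical check on a host is whether the installed build is older than the fixed one. The following Python is an added example, not Red Hat's or Tenable's code: a port of rpm's rpmvercmp() ordering (epoch, then version, then release, with '~' pre-release handling) applied against rhev-hypervisor-5.7-20110725.1.el5, the fixed build that the Nessus plugin for RHSA-2011:1090 references; the rpm -qa lines are constructed, and the '^' separator of newer rpm releases is left out.

```python
import re
from typing import List, Tuple

# Fixed build named by the Nessus check for RHSA-2011:1090 (its rpm_check reference).
FIXED_NEVR = "rhev-hypervisor-5.7-20110725.1.el5"

# Leading characters that carry no ordering information: anything but ASCII
# alphanumerics and the '~' pre-release marker.
_SEPARATORS = re.compile(r"^[^0-9A-Za-z~]*")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1, 0 or 1 as a is older than, equal to or newer
    than b. The '^' separator of newer rpm releases is not handled here."""
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        one, two = _SEPARATORS.sub("", one), _SEPARATORS.sub("", two)
        # '~' sorts before anything, even the end of the string: 1.0~rc1 < 1.0
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not (one and two):
            break
        # Next segment of each string: a run of digits or a run of letters, the
        # kind being decided by the first character of `one`.
        isnum = one[0].isdigit()
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        seg1 = re.match(pat, one).group(0)
        m2 = re.match(pat, two)
        seg2 = m2.group(0) if m2 else ""
        one, two = one[len(seg1):], two[len(seg2):]
        if not seg2:
            # Segment kinds differ: a numeric segment is newer than an alphabetic one.
            return 1 if isnum else -1
        if isnum:
            # Numeric segments compare by value: drop leading zeros, longer wins.
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if not one and not two:
        return 0
    return 1 if one else -1


def parse_nevr(nevr: str) -> Tuple[str, int, str, str]:
    """Split 'name-[epoch:]version-release' into (name, epoch, version, release)."""
    name_ver, _, release = nevr.rpartition("-")
    name, _, version = name_ver.rpartition("-")
    if not (name and version and release):
        raise ValueError(f"not a name-version-release string: {nevr!r}")
    epoch = 0
    if ":" in version:
        e, _, version = version.partition(":")
        epoch = int(e) if e.isdigit() else 0  # rpm prints "(none)" for no epoch
    return name, epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Order two builds of the same package by epoch, then version, then release."""
    na, ea, va, ra = parse_nevr(a)
    nb, eb, vb, rb = parse_nevr(b)
    if na != nb:
        raise ValueError(f"different packages: {na} vs {nb}")
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def missing_fix(installed: str, fixed: str = FIXED_NEVR) -> bool:
    """True when the installed build is older than the build that carries the fix."""
    return evr_cmp(installed, fixed) < 0


def audit_rpm_list(rpm_qa_output: str, fixed: str = FIXED_NEVR) -> List[Tuple[str, bool]]:
    """Report every installed build of the fixed package with a missing-fix verdict.
    Input is the output of: rpm -qa --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}\\n'"""
    wanted = parse_nevr(fixed)[0]
    findings = []
    for line in rpm_qa_output.split():
        try:
            name = parse_nevr(line)[0]
        except ValueError:
            continue
        if name == wanted:
            findings.append((line, missing_fix(line, fixed)))
    return findings


# Constructed sample rpm -qa output; the hypervisor build date is made up.
SAMPLE_RPM_QA = """
kernel-(none):2.6.18-238.19.1.el5
rhev-hypervisor-(none):5.7-20110712.0.el5
bash-(none):3.2-32.el5
"""
```

Feed the real output of `rpm -qa --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}\n'` to audit_rpm_list(); a later build or a higher epoch is reported as not missing the fix, which matches how rpm itself orders upgrades.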
(CVE-2011-1745, CVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially crafted partition tables. 
(CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-07-19T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2011:0927)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2213", "CVE-2011-2492"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0927.NASL", "href": "https://www.tenable.com/plugins/nessus/55609", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0927 and \n# CentOS Errata and Security Advisory 2011:0927 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55609);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_bugtraq_id(46073, 46417, 46488, 46839, 47003, 47308, 47497, 47534, 47535, 47796, 47843, 48333, 48441, 48610);\n script_xref(name:\"RHSA\", value:\"2011:0927\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:0927)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. 
(CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up\ncould allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice if the sysctl 'net.sctp.addip_enable' variable was turned on\n(it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local, unprivileged user to cause a\ndenial of service or escalate their privileges. (CVE-2011-1745,\nCVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially crafted packets to a target system, possibly causing\na denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems\nthat have an Intel x86 processor with the Intel VT-x extension\nenabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged\nuser to cause a denial of service (infinite loop). (CVE-2011-2213,\nModerate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. 
(CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with\nspoofed process and user IDs, to other processes. Note: This flaw does\nnot allow existing permission checks to be bypassed; signals can only\nbe sent if your privileges allow you to already do so. (CVE-2011-1182,\nLow)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of\nservice by mounting a disk containing specially crafted partition\ntables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki\nfor reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213\nand CVE-2011-0711; Julien Tinnes of the Google Security Team for\nreporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and\nMarek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical\nNotes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. 
The system must be rebooted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-July/017646.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8d65c9da\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-July/017647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d98f161\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-238.19.1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:53", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - An integer overflow flaw in 
ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)\n\n - A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service. (CVE-2011-0695, Important)\n\n - A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl 'net.sctp.addip_enable' variable was turned on (it is off by default). (CVE-2011-1573, Important)\n\n - Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n - An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n - A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n - An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)\n\n - A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). 
(CVE-2011-2213, Moderate)\n\n - A missing initialization flaw in the XFS file system implementation could lead to an information leak.\n (CVE-2011-0711, Low)\n\n - A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak.\n (CVE-2011-1044, Low)\n\n - A missing validation check was found in the signals implementation. A local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n - A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially crafted partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. 
(CVE-2011-2492, Low)\n\nThis update fixes several bugs.\n\nThe system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2213", "CVE-2011-2492"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110715_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61083);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - An integer overflow flaw in ib_uverbs_poll_cq() could\n allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2010-4649,\n Important)\n\n - A race condition in the way new InfiniBand connections\n were set up could allow a remote user to cause a denial\n of service. (CVE-2011-0695, Important)\n\n - A flaw in the Stream Control Transmission Protocol\n (SCTP) implementation could allow a remote attacker to\n cause a denial of service if the sysctl\n 'net.sctp.addip_enable' variable was turned on (it is\n off by default). (CVE-2011-1573, Important)\n\n - Flaws in the AGPGART driver implementation when handling\n certain IOCTL commands could allow a local, unprivileged\n user to cause a denial of service or escalate their\n privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n - An integer overflow flaw in agp_allocate_memory() could\n allow a local, unprivileged user to cause a denial of\n service or escalate their privileges. (CVE-2011-1746,\n Important)\n\n - A flaw allowed napi_reuse_skb() to be called on VLAN\n (virtual LAN) packets. 
An attacker on the local network\n could trigger this flaw by sending specially crafted\n packets to a target system, possibly causing a denial of\n service. (CVE-2011-1576, Moderate)\n\n - An integer signedness error in next_pidmap() could allow\n a local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - A flaw in the way the Xen hypervisor implementation\n handled CPUID instruction emulation during virtual\n machine exits could allow an unprivileged guest user to\n crash a guest. This only affects systems that have an\n Intel x86 processor with the Intel VT-x extension\n enabled. (CVE-2011-1936, Moderate)\n\n - A flaw in inet_diag_bc_audit() could allow a local,\n unprivileged user to cause a denial of service (infinite\n loop). (CVE-2011-2213, Moderate)\n\n - A missing initialization flaw in the XFS file system\n implementation could lead to an information leak.\n (CVE-2011-0711, Low)\n\n - A flaw in ib_uverbs_poll_cq() could allow a local,\n unprivileged user to cause an information leak.\n (CVE-2011-1044, Low)\n\n - A missing validation check was found in the signals\n implementation. A local, unprivileged user could use\n this flaw to send signals via the sigqueueinfo system\n call, with the si_code set to SI_TKILL and with spoofed\n process and user IDs, to other processes. Note: This\n flaw does not allow existing permission checks to be\n bypassed; signals can only be sent if your privileges\n allow you to already do so. (CVE-2011-1182, Low)\n\n - A heap overflow flaw in the EFI GUID Partition Table\n (GPT) implementation could allow a local attacker to\n cause a denial of service by mounting a disk containing\n specially crafted partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth\n implementation was not initialized properly before being\n copied to user-space, possibly allowing local,\n unprivileged users to leak kernel stack memory to\n user-space. 
(CVE-2011-2492, Low)\n\nThis update fixes several bugs.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=1940\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e210468e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-238.19.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-238.19.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:50:38", "description": "From Red Hat Security Advisory 2011:0927 :\n\nUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl 'net.sctp.addip_enable' variable was turned on (it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service. 
(CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)\n\n* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. 
(CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2011-0927)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-1044", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1576", 
"CVE-2011-1593", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2213", "CVE-2011-2492"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-0927.NASL", "href": "https://www.tenable.com/plugins/nessus/68304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0927 and \n# Oracle Linux Security Advisory ELSA-2011-0927 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68304);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\");\n script_bugtraq_id(46073, 46417, 46488, 46839, 47003, 47308, 47497, 47534, 47535, 47796, 47843, 48333, 48441, 48610);\n script_xref(name:\"RHSA\", value:\"2011:0927\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2011-0927)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"From Red Hat Security Advisory 2011:0927 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* A race condition in the way new InfiniBand connections were set up\ncould allow a remote user to cause a denial of service.\n(CVE-2011-0695, Important)\n\n* A flaw in the Stream Control Transmission Protocol (SCTP)\nimplementation could allow a remote attacker to cause a denial of\nservice if the sysctl 'net.sctp.addip_enable' variable was turned on\n(it is off by default). (CVE-2011-1573, Important)\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local, unprivileged user to cause a\ndenial of service or escalate their privileges. (CVE-2011-1745,\nCVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal, unprivileged user to cause a denial of service or escalate\ntheir privileges. (CVE-2011-1746, Important)\n\n* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)\npackets. An attacker on the local network could trigger this flaw by\nsending specially crafted packets to a target system, possibly causing\na denial of service. (CVE-2011-1576, Moderate)\n\n* An integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. 
(CVE-2011-1593,\nModerate)\n\n* A flaw in the way the Xen hypervisor implementation handled CPUID\ninstruction emulation during virtual machine exits could allow an\nunprivileged guest user to crash a guest. This only affects systems\nthat have an Intel x86 processor with the Intel VT-x extension\nenabled. (CVE-2011-1936, Moderate)\n\n* A flaw in inet_diag_bc_audit() could allow a local, unprivileged\nuser to cause a denial of service (infinite loop). (CVE-2011-2213,\nModerate)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation check was found in the signals implementation.\nA local, unprivileged user could use this flaw to send signals via the\nsigqueueinfo system call, with the si_code set to SI_TKILL and with\nspoofed process and user IDs, to other processes. Note: This flaw does\nnot allow existing permission checks to be bypassed; signals can only\nbe sent if your privileges allow you to already do so. (CVE-2011-1182,\nLow)\n\n* A heap overflow flaw in the EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of\nservice by mounting a disk containing specially crafted partition\ntables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. 
(CVE-2011-2492, Low)\n\nRed Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;\nVasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and\nCVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki\nfor reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213\nand CVE-2011-0711; Julien Tinnes of the Google Security Team for\nreporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and\nMarek Kroemeke and Filip Palian for reporting CVE-2011-2492.\n\nBug fix documentation will be available shortly from the Technical\nNotes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002231.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-1044\", \"CVE-2011-1182\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2213\", \"CVE-2011-2492\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-0927\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-238.19.1.0.1.el5\")) 
flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-238.19.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-238.19.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:03", "description": "Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. 
Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about the most significant bug fixes and enhancements included in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ 5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-07-22T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1065)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", 
"p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1065.NASL", "href": "https://www.tenable.com/plugins/nessus/55645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1065. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55645);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_bugtraq_id(48610, 48641, 48677);\n script_xref(name:\"RHSA\", value:\"2011:1065\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1065)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, address\nseveral hundred bugs, and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux\nkernel's Global File System 2 (GFS2) implementation. If the file\nsystem was almost full, and a local, unprivileged user made an\nfallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space\nwould prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. 
Refer to the Red Hat Enterprise Linux 5.7 Technical Notes\nfor information about the most significant bug fixes and enhancements\nincluded in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2689\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1065\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1065\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1065\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message 
= \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", 
reference:\"kernel-kdump-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:57", "description": "Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. 
A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about the most significant bug fixes and enhancements included in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ 5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2011:1065)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525", "CVE-2011-2689"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1065.NASL", "href": "https://www.tenable.com/plugins/nessus/56265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1065 and \n# CentOS Errata and Security Advisory 2011:1065 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56265);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\", \"CVE-2011-2689\");\n script_bugtraq_id(48610, 48641, 48677);\n script_xref(name:\"RHSA\", value:\"2011:1065\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:1065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, address\nseveral hundred bugs, and add numerous enhancements are now available\nas part of the ongoing support and maintenance of Red Hat Enterprise\nLinux version 5. This is the seventh regular update.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. 
(CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\n* A flaw was found in the way space was allocated in the Linux\nkernel's Global File System 2 (GFS2) implementation. If the file\nsystem was almost full, and a local, unprivileged user made an\nfallocate() request, it could result in a denial of service. Note:\nSetting quotas to prevent users from using all available disk space\nwould prevent exploitation of this flaw. (CVE-2011-2689, Moderate)\n\nThese updated kernel packages include a number of bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes\nfor information about the most significant bug fixes and enhancements\nincluded in this update :\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n5.7_Technical_Notes/kernel.html#RHSA-2011-1065\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45fb7621\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce55b577\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000066.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0ccef8a\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80df715a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-274.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-274.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:52", "description": "Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSecurity issues :\n\n* Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)\n\n* Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially crafted request to a target system via Bluetooth. 
(CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.\n(CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service.\n(CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)\n\n* Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. 
(CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491;\nDan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-08-24T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:1189)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": 
false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/55964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1189. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55964);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n script_bugtraq_id(47003, 47497, 47796, 48333, 48441, 48472, 48515, 48538, 48677, 48697, 48907, 49141);\n script_xref(name:\"RHSA\", value:\"2011:1189\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:1189)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues, various\nbugs, and add two enhancements are now available for Red Hat\nEnterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSecurity issues :\n\n* Using PCI passthrough without interrupt remapping support allowed\nKVM guests to generate MSI interrupts and thus potentially inject\ntraps. A privileged guest user could use this flaw to crash the host\nor possibly escalate their privileges on the host. The fix for this\nissue can prevent PCI passthrough working and guests starting. Refer\nto Red Hat Bugzilla bug 715555 for details. 
(CVE-2011-1898, Important)\n\n* Flaw in the client-side NLM implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-2491,\nImportant)\n\n* Integer underflow in the Bluetooth implementation could allow a\nremote attacker to cause a denial of service or escalate their\nprivileges by sending a specially crafted request to a target system\nvia Bluetooth. (CVE-2011-2497, Important)\n\n* Buffer overflows in the netlink-based wireless configuration\ninterface implementation could allow a local user, who has the\nCAP_NET_ADMIN capability, to cause a denial of service or escalate\ntheir privileges on systems that have an active wireless interface.\n(CVE-2011-2517, Important)\n\n* Flaw in the way the maximum file offset was handled for ext4 file\nsystems could allow a local, unprivileged user to cause a denial of\nservice. (CVE-2011-2695, Important)\n\n* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An\nattacker on the local network could use this flaw to send crafted\npackets to a target, possibly causing a denial of service.\n(CVE-2011-1576, Moderate)\n\n* Integer signedness error in next_pidmap() could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-1593,\nModerate)\n\n* Race condition in the memory merging support (KSM) could allow a\nlocal, unprivileged user to cause a denial of service. KSM is off by\ndefault, but on systems running VDSM, or on KVM hosts, it is likely\nturned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user\nto cause a denial of service. (CVE-2011-2213, Moderate)\n\n* Flaw in the way space was allocated in the Global File System 2\n(GFS2) implementation. If the file system was almost full, and a\nlocal, unprivileged user made an fallocate() request, it could result\nin a denial of service. 
Setting quotas to prevent users from using all\navailable disk space would prevent exploitation of this flaw.\n(CVE-2011-2689, Moderate)\n\n* Local, unprivileged users could send signals via the sigqueueinfo\nsystem call, with si_code set to SI_TKILL and with spoofed process and\nuser IDs, to other processes. This flaw does not allow existing\npermission checks to be bypassed; signals can only be sent if your\nprivileges allow you to already do so. (CVE-2011-1182, Low)\n\n* Heap overflow in the EFI GUID Partition Table (GPT) implementation\ncould allow a local attacker to cause a denial of service by mounting\na disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n* Structure padding in two structures in the Bluetooth implementation\nwas not initialized properly before being copied to user-space,\npossibly allowing local, unprivileged users to leak kernel stack\nmemory to user-space. (CVE-2011-2492, Low)\n\n* /proc/[PID]/io is world-readable by default. Previously, these files\ncould be read without any further restrictions. A local, unprivileged\nuser could read these files, belonging to other, possibly privileged\nprocesses to gather confidential information, such as the length of a\npassword used in a process. 
(CVE-2011-2495, Low)\n\nRed Hat would like to thank Vasily Averin for reporting CVE-2011-2491;\nDan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan\nSweat for reporting CVE-2011-1576; Robert Swiecki for reporting\nCVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes\nof the Google Security Team for reporting CVE-2011-1182; Timo Warns\nfor reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for\nreporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting\nCVE-2011-2495.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2517\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2695\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1189\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1189\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1189\";\n yum_report = 
redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"kernel-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-131.12.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:51", "description": "Security issues :\n\n - Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. 
(CVE-2011-1898, Important)\n\n - Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially crafted request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n - Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n - Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n - Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate)\n\n - Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n - Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2213, Moderate)\n\n - Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. 
(CVE-2011-2689, Moderate)\n\n - Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)\n\n - Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)\n\n - /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process.\n (CVE-2011-2495, Low)", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1182", "CVE-2011-1576", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110823_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61118);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1182\", \"CVE-2011-1576\", \"CVE-2011-1593\", \"CVE-2011-1776\", \"CVE-2011-1898\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2689\", \"CVE-2011-2695\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues :\n\n - Using PCI passthrough without interrupt remapping\n support allowed KVM guests to generate MSI interrupts\n and thus potentially inject traps. A privileged guest\n user could use this flaw to crash the host or possibly\n escalate their privileges on the host. 
The fix for this\n issue can prevent PCI passthrough working and guests\n starting. (CVE-2011-1898, Important)\n\n - Flaw in the client-side NLM implementation could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-2491, Important)\n\n - Integer underflow in the Bluetooth implementation could\n allow a remote attacker to cause a denial of service or\n escalate their privileges by sending a specially crafted\n request to a target system via Bluetooth.\n (CVE-2011-2497, Important)\n\n - Buffer overflows in the netlink-based wireless\n configuration interface implementation could allow a\n local user, who has the CAP_NET_ADMIN capability, to\n cause a denial of service or escalate their privileges\n on systems that have an active wireless interface.\n (CVE-2011-2517, Important)\n\n - Flaw in the way the maximum file offset was handled for\n ext4 file systems could allow a local, unprivileged user\n to cause a denial of service. (CVE-2011-2695, Important)\n\n - Flaw allowed napi_reuse_skb() to be called on VLAN\n packets. An attacker on the local network could use this\n flaw to send crafted packets to a target, possibly\n causing a denial of service. (CVE-2011-1576, Moderate)\n\n - Integer signedness error in next_pidmap() could allow a\n local, unprivileged user to cause a denial of service.\n (CVE-2011-1593, Moderate)\n\n - Race condition in the memory merging support (KSM) could\n allow a local, unprivileged user to cause a denial of\n service. KSM is off by default, but on systems running\n VDSM, or on KVM hosts, it is likely turned on by the\n ksm/ksmtuned services. (CVE-2011-2183, Moderate)\n\n - Flaw in inet_diag_bc_audit() could allow a local,\n unprivileged user to cause a denial of service.\n (CVE-2011-2213, Moderate)\n\n - Flaw in the way space was allocated in the Global File\n System 2 (GFS2) implementation. 
If the file system was\n almost full, and a local, unprivileged user made an\n fallocate() request, it could result in a denial of\n service. Setting quotas to prevent users from using all\n available disk space would prevent exploitation of this\n flaw. (CVE-2011-2689, Moderate)\n\n - Local, unprivileged users could send signals via the\n sigqueueinfo system call, with si_code set to SI_TKILL\n and with spoofed process and user IDs, to other\n processes. This flaw does not allow existing permission\n checks to be bypassed; signals can only be sent if your\n privileges allow you to already do so. (CVE-2011-1182,\n Low)\n\n - Heap overflow in the EFI GUID Partition Table (GPT)\n implementation could allow a local attacker to cause a\n denial of service by mounting a disk containing crafted\n partition tables. (CVE-2011-1776, Low)\n\n - Structure padding in two structures in the Bluetooth\n implementation was not initialized properly before being\n copied to user-space, possibly allowing local,\n unprivileged users to leak kernel stack memory to\n user-space. (CVE-2011-2492, Low)\n\n - /proc/[PID]/io is world-readable by default. Previously,\n these files could be read without any further\n restrictions. 
A local, unprivileged user could read\n these files, belonging to other, possibly privileged\n processes to gather confidential information, such as\n the length of a password used in a process.\n (CVE-2011-2495, Low)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3053\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0e0261b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-131.12.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-131.12.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:08", "description": "Updated kernel packages that fix two security issues and three bugs are now 
available for Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update includes backported fixes for two security issues. These issues only affected users of Red Hat Enterprise Linux 5.6 Extended Update Support, as they have already been addressed for users of Red Hat Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\nThis update also fixes the following bugs :\n\n* A bug was found in the way the x86_emulate() function handled the IMUL instruction in the Xen hypervisor. 
On systems without support for hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug could cause fully-virtualized guests to crash or lead to silent memory corruption. In reported cases, this issue occurred when booting fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups enabled. (BZ#712884)\n\n* A bug in the way the ibmvscsi driver handled interrupts may have prevented automatic path recovery for multipath devices. This bug only affected 64-bit PowerPC systems. (BZ#720929)\n\n* The RHSA-2009:1243 update introduced a regression in the way file locking on NFS (Network File System) was handled. This caused applications to hang if they made a lock request on a file on an NFS version 2 or 3 file system that was mounted with the 'sec=krb5' option. With this update, the original behavior of using mixed RPC authentication flavors for NFS and locking requests has been restored.\n(BZ#722854)\n\nUsers should upgrade to these updated packages, which contain backported patches to resolve these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1163)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1780", "CVE-2011-2525"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-1163.NASL", "href": "https://www.tenable.com/plugins/nessus/63996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1163. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63996);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1780\", \"CVE-2011-2525\");\n script_bugtraq_id(48610, 48641);\n script_xref(name:\"RHSA\", value:\"2011:1163\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and three bugs\nare now available for Red Hat Enterprise Linux 5.6 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update includes backported fixes for two security issues. These\nissues only affected users of Red Hat Enterprise Linux 5.6 Extended\nUpdate Support, as they have already been addressed for users of Red\nHat Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the Xen hypervisor implementation\nhandled instruction emulation during virtual machine exits. 
A\nmalicious user-space process running in an SMP guest could trick the\nemulator into reading a different instruction than the one that caused\nthe virtual machine to exit. An unprivileged guest user could trigger\nthis flaw to crash the host. This only affects systems with both an\nAMD x86 processor and the AMD Virtualization (AMD-V) extensions\nenabled. (CVE-2011-1780, Important)\n\n* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's\npacket scheduler API implementation to be called on built-in qdisc\nstructures. A local, unprivileged user could use this flaw to trigger\na NULL pointer dereference, resulting in a denial of service.\n(CVE-2011-2525, Moderate)\n\nThis update also fixes the following bugs :\n\n* A bug was found in the way the x86_emulate() function handled the\nIMUL instruction in the Xen hypervisor. On systems without support for\nhardware assisted paging (HAP), such as those running CPUs that do not\nhave support for (or those that have it disabled) Intel Extended Page\nTables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization\nIndexing (RVI), this bug could cause fully-virtualized guests to crash\nor lead to silent memory corruption. In reported cases, this issue\noccurred when booting fully-virtualized Red Hat Enterprise Linux 6.1\nguests with memory cgroups enabled. (BZ#712884)\n\n* A bug in the way the ibmvscsi driver handled interrupts may have\nprevented automatic path recovery for multipath devices. This bug only\naffected 64-bit PowerPC systems. (BZ#720929)\n\n* The RHSA-2009:1243 update introduced a regression in the way file\nlocking on NFS (Network File System) was handled. This caused\napplications to hang if they made a lock request on a file on an NFS\nversion 2 or 3 file system that was mounted with the 'sec=krb5'\noption. 
With this update, the original behavior of using mixed RPC\nauthentication flavors for NFS and locking requests has been restored.\n(BZ#722854)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2011-1065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2009-1243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-1163.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif 
(rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"kernel-doc-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", 
sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.21.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.21.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:33:50", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries :\n\n - COS kernel\n - cURL\n - python\n - rpm", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-03-03T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": 
false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3560", "CVE-2009-3720", "CVE-2010-0547", "CVE-2010-0787", "CVE-2010-1634", "CVE-2010-2059", "CVE-2010-2089", "CVE-2010-3493", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1015", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1521", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1678", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1763", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2522", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2694", "CVE-2011-2901", "CVE-2011-3378"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2012-0001_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89105);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-3560\",\n \"CVE-2009-3720\",\n \"CVE-2010-0547\",\n \"CVE-2010-0787\",\n \"CVE-2010-1634\",\n \"CVE-2010-2059\",\n \"CVE-2010-2089\",\n \"CVE-2010-3493\",\n \"CVE-2010-4649\",\n \"CVE-2011-0695\",\n \"CVE-2011-0711\",\n 
\"CVE-2011-0726\",\n \"CVE-2011-1015\",\n \"CVE-2011-1044\",\n \"CVE-2011-1078\",\n \"CVE-2011-1079\",\n \"CVE-2011-1080\",\n \"CVE-2011-1093\",\n \"CVE-2011-1163\",\n \"CVE-2011-1166\",\n \"CVE-2011-1170\",\n \"CVE-2011-1171\",\n \"CVE-2011-1172\",\n \"CVE-2011-1182\",\n \"CVE-2011-1494\",\n \"CVE-2011-1495\",\n \"CVE-2011-1521\",\n \"CVE-2011-1573\",\n \"CVE-2011-1576\",\n \"CVE-2011-1577\",\n \"CVE-2011-1593\",\n \"CVE-2011-1678\",\n \"CVE-2011-1745\",\n \"CVE-2011-1746\",\n \"CVE-2011-1763\",\n \"CVE-2011-1776\",\n \"CVE-2011-1780\",\n \"CVE-2011-1936\",\n \"CVE-2011-2022\",\n \"CVE-2011-2192\",\n \"CVE-2011-2213\",\n \"CVE-2011-2482\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2517\",\n \"CVE-2011-2519\",\n \"CVE-2011-2522\",\n \"CVE-2011-2525\",\n \"CVE-2011-2689\",\n \"CVE-2011-2694\",\n \"CVE-2011-2901\",\n \"CVE-2011-3378\"\n );\n script_bugtraq_id(\n 36097,\n 37203,\n 37992,\n 38326,\n 40370,\n 40863,\n 44533,\n 46073,\n 46417,\n 46488,\n 46541,\n 46616,\n 46793,\n 46839,\n 46878,\n 46919,\n 47003,\n 47024,\n 47308,\n 47343,\n 47497,\n 47534,\n 47535,\n 47791,\n 47796,\n 47843,\n 48048,\n 48058,\n 48333,\n 48441,\n 48538,\n 48641,\n 48677,\n 48899,\n 48901,\n 49141,\n 49370,\n 49373,\n 49375,\n 49408,\n 49939\n );\n script_xref(name:\"VMSA\", value:\"2012-0001\");\n\n script_name(english:\"VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)\");\n script_summary(english:\"Checks the remote ESX/ESXi host's version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\nlibraries :\n\n - COS kernel\n - 
cURL\n - python\n - rpm\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 59, 119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nesx = \"ESX/ESXi\";\n\nextract = eregmatch(pattern:\"^(ESXi?) 
(\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, esx);\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\nproduct = \"VMware \" + esx;\n\n# fix builds\nfixes = make_array(\n \"ESX 4.0\", 660575,\n \"ESXi 4.0\", 660575,\n \"ESX 4.1\", 582267,\n \"ESXi 4.1\", 582267,\n \"ESXi 5.0\", 623860\n);\n\n# security-only fix builds\nsec_only_builds = make_array(\n \"ESXi 5.0\", 608089\n);\n\nkey = esx + ' ' + ver;\nfix = NULL;\nfix = fixes[key];\nsec_fix = NULL;\nsec_fix = sec_only_builds[key];\n\nbmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);\nif (empty_or_null(bmatch))\n audit(AUDIT_UNKNOWN_BUILD, product, ver);\n\nbuild = int(bmatch[1]);\n\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n\nif (build < fix && build != sec_fix)\n{\n # if there is a security fix\n if (sec_fix)\n fix = fix + \" / \" + sec_fix;\n\n # properly spaced label\n if (\"ESXi\" >< esx) ver_label = ' version : ';\n else ver_label = ' version : ';\n report = '\\n ' + esx + ver_label + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:19:39", "description": "a. 
ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.\n b. ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue.\n c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issue.\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n d. 
ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fix multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.\n e. ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fix multiple security issues in the Samba client.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues.\n Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694.\n f. ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues.\n g. 
ESXi update to third-party component python The python third-party library is updated to python 2.5.6 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-01-31T00:00:00", "type": "nessus", "title": "VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3560", "CVE-2009-3720", "CVE-2010-0547", "CVE-2010-0787", "CVE-2010-1634", "CVE-2010-2059", "CVE-2010-2089", "CVE-2010-3493", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1015", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1521", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1678", "CVE-2011-1745", 
"CVE-2011-1746", "CVE-2011-1763", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2522", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2694", "CVE-2011-2901", "CVE-2011-3378"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1", "cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_VMSA-2012-0001.NASL", "href": "https://www.tenable.com/plugins/nessus/57749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2012-0001. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57749);\n script_version(\"1.43\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2010-1634\", \"CVE-2010-2059\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1015\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1521\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1678\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1763\", \"CVE-2011-1776\", \"CVE-2011-1780\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2192\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", 
\"CVE-2011-2522\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2694\", \"CVE-2011-2901\", \"CVE-2011-3378\");\n script_bugtraq_id(36097, 37203, 37992, 38326, 40370, 40863, 44533, 46073, 46417, 46488, 46541, 46616, 46793, 46839, 46878, 46919, 47003, 47024, 47308, 47343, 47497, 47534, 47535, 47791, 47796, 47843, 48048, 48058, 48333, 48441, 48538, 48641, 48677, 48899, 48901, 49141, 49370, 49373, 49375, 49408, 49939);\n script_xref(name:\"VMSA\", value:\"2012-0001\");\n\n script_name(english:\"VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"a. ESX third-party update for Service Console kernel\n \n The ESX Service Console Operating System (COS) kernel is updated to\n kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the\n COS kernel.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,\n CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,\n CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494,\n CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,\n CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182,\n CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745,\n CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,\n CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525,\n CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495,\n CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.\n \nb. 
ESX third-party update for Service Console cURL RPM\n \n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9\n resolving a security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2011-2192 to this issue.\n \nc. ESX third-party update for Service Console nspr and nss RPMs\n \n The ESX Service Console (COS) nspr and nss RPMs are updated to\n nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving\n a security issues.\n \n A Certificate Authority (CA) issued fraudulent SSL certificates and\n Netscape Portable Runtime (NSPR) and Network Security Services (NSS)\n contain the built-in tokens of this fraudulent Certificate\n Authority. This update renders all SSL certificates signed by the\n fraudulent CA as untrusted for all uses.\n \nd. ESX third-party update for Service Console rpm RPMs\n \n The ESX Service Console Operating System (COS) rpm packages are\n updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,\n rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2\n which fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2010-2059 and CVE-2011-3378 to these\n issues.\n \ne. ESX third-party update for Service Console samba RPMs\n \n The ESX Service Console Operating System (COS) samba packages are\n updated to samba-client-3.0.33-3.29.el5_7.4,\n samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security\n issues in the Samba client.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,\n CVE-2011-2522 and CVE-2011-2694 to these issues.\n \n Note that ESX does not include the Samba Web Administration Tool\n (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and\n CVE-2011-2694.\n \nf. 
ESX third-party update for Service Console python package\n \n The ESX Service Console (COS) python package is updated to\n 2.4.3-44 which fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and\n CVE-2011-1521 to these issues.\n \ng. ESXi update to third-party component python\n \n The python third-party library is updated to python 2.5.6 which\n fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,\n CVE-2010-2089, and CVE-2011-1521 to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2012/000170.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 59, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2012-01-30\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201203401-SG\",\n patch_updates : make_list(\"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\")\n )\n) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203402-SG\")) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203403-SG\")) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203404-SG\")) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201203405-SG\",\n patch_updates : make_list(\"ESX400-201209404-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201401-SG\",\n patch_updates : 
make_list(\"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201402-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201404-SG\",\n patch_updates : make_list(\"ESX410-201211405-SG\", \"ESX410-201307402-SG\", \"ESX410-201312403-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201405-SG\",\n patch_updates : make_list(\"ESX410-201211407-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201406-SG\",\n patch_updates : make_list(\"ESX410-201208105-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201407-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201203401-SG\",\n patch_updates : make_list(\"ESXi400-201205401-SG\", \"ESXi400-201206401-SG\", \"ESXi400-201209401-SG\", \"ESXi400-201302401-SG\", \"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201201401-SG\",\n patch_updates : make_list(\"ESXi410-201204401-SG\", \"ESXi410-201205401-SG\", \"ESXi410-201206401-SG\", \"ESXi410-201208101-SG\", \"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update03\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:esx-base:5.0.0-0.10.608089\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:55", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1189 advisory.\n\n - kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. (CVE-2011-1182)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. (CVE-2011-1593)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. 
(CVE-2011-1776)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n (CVE-2011-2213)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. 
(CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. (CVE-2011-2517)\n\n - The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.\n (CVE-2011-2689)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel 
(ELSA-2011-1189)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3880", "CVE-2011-1182", "CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1776", "CVE-2011-1898", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2689", "CVE-2011-2695"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf"], "id": "ORACLELINUX_ELSA-2011-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/68331", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-1189.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68331);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1182\",\n \"CVE-2011-1576\",\n \"CVE-2011-1593\",\n \"CVE-2011-1776\",\n \"CVE-2011-1898\",\n \"CVE-2011-2183\",\n \"CVE-2011-2213\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2497\",\n \"CVE-2011-2517\",\n \"CVE-2011-2689\",\n 
\"CVE-2011-2695\"\n );\n script_bugtraq_id(\n 47003,\n 47497,\n 47796,\n 48333,\n 48441,\n 48472,\n 48515,\n 48538,\n 48677,\n 48697,\n 48907,\n 49141\n );\n script_xref(name:\"RHSA\", value:\"2011:1189\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2011-1189)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2011-1189 advisory.\n\n - kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal\n sender via a sigqueueinfo system call. (CVE-2011-1182)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5\n and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor\n and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are\n processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a\n different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4\n allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir\n system call. (CVE-2011-1593)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size\n of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically\n proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive\n information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability\n than CVE-2011-1577. 
(CVE-2011-1776)\n\n - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not\n have interrupt remapping, allows guest OS users to gain host OS privileges by using DMA to generate MSI\n interrupts by writing to the interrupt injection registers. (CVE-2011-1898)\n\n - Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3,\n when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL\n pointer dereference) or possibly have unspecified other impact via a crafted application. (CVE-2011-2183)\n\n - The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not\n properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite\n loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an\n INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.\n (CVE-2011-2213)\n\n - The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel\n before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.\n (CVE-2011-2491)\n\n - The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data\n structures, which allows local users to obtain potentially sensitive information from kernel memory via a\n crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in\n net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.\n (CVE-2011-2492)\n\n - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io\n files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by\n discovering the length of another user's 
password. (CVE-2011-2495)\n\n - Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel\n before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have\n unspecified other impact via a small command-size value within the command header of a Logical Link\n Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.\n (CVE-2011-2497)\n\n - Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users\n to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID\n value. (CVE-2011-2517)\n\n - The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the\n size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of\n service (BUG and system crash) by arranging for all resource groups to have too little free space.\n (CVE-2011-2689)\n\n - Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to\n cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a\n write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n (CVE-2011-2695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-1189.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2497\");\n\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-131.12.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-1189');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + 
join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-131.12.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.12.1.el6', 
'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-131.12.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-131.12.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:56", "description": "An updated rsync package that fixes one security issue, several bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nrsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the 'filter', 'exclude', and 'exclude from' options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this flaw to bypass those restrictions by using certain command line options and symbolic links, allowing the attacker to overwrite those files if they knew their file names and had write access to them. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable daemon: 'read only' set to 'false' in the rsync configuration file (for example, '/etc/rsyncd.conf'). By default, this option is set to 'true'.\n\nThis update also fixes the following bugs :\n\n* The rsync package has been upgraded to upstream version 3.0.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#339971)\n\n* When running an rsync daemon that was receiving files, a deferred info, error or log message could have been sent directly to the sender instead of being handled by the 'rwrite()' function in the generator.\nAlso, under certain circumstances, a deferred info or error message from the receiver could have bypassed the log file and could have been sent only to the client process. 
As a result, an 'unexpected tag 3' fatal error could have been displayed. These problems have been fixed in this update so that an rsync daemon receiving files now works as expected. (BZ#471182)\n\n* Prior to this update, the rsync daemon called a number of timezone-using functions after doing a chroot. As a result, certain C libraries were unable to generate proper timestamps from inside a chrooted daemon. This bug has been fixed in this update so that the rsync daemon now calls the respective timezone-using functions prior to doing a chroot, and proper timestamps are now generated as expected. (BZ#575022)\n\n* When running rsync under a non-root user with the '-A' ('--acls') option and without using the '--numeric-ids' option, if there was an Access Control List (ACL) that included a group entry for a group that the respective user was not a member of on the receiving side, the 'acl_set_file()' function returned an invalid argument value ('EINVAL'). This was caused by rsync mistakenly mapping the group name to the Group ID 'GID_NONE' ('-1'), which failed. The bug has been fixed in this update so that no invalid argument is returned and rsync works as expected. (BZ#616093)\n\n* When creating a sparse file that was zero blocks long, the 'rsync\n--sparse' command did not properly truncate the sparse file at the end of the copy transaction. As a result, the file size was bigger than expected. This bug has been fixed in this update by properly truncating the file so that rsync now copies such files as expected.\n(BZ#530866)\n\n* Under certain circumstances, when using rsync in daemon mode, rsync generator instances could have entered an infinitive loop, trying to write an error message for the receiver to an invalid socket. 
This problem has been fixed in this update by adding a new sibling message:\nwhen the receiver is reporting a socket-read error, the generator will notice this fact and avoid writing an error message down the socket, allowing it to close down gracefully when the pipe from the receiver closes. (BZ#690148)\n\n* Prior to this update, there were missing deallocations found in the 'start_client()' function. This bug has been fixed in this update and no longer occurs. (BZ#700450)\n\nAll users of rsync are advised to upgrade to this updated package, which resolves these issues and adds enhancements.", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : rsync (CESA-2011:0999)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6200"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:rsync", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0999.NASL", "href": "https://www.tenable.com/plugins/nessus/56261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0999 and \n# CentOS Errata and Security Advisory 2011:0999 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56261);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6200\");\n 
script_bugtraq_id(26639);\n script_xref(name:\"RHSA\", value:\"2011:0999\");\n\n script_name(english:\"CentOS 5 : rsync (CESA-2011:0999)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rsync package that fixes one security issue, several bugs,\nand adds enhancements is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nrsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the 'filter',\n'exclude', and 'exclude from' options, used for hiding files and\npreventing access to them from rsync clients. A remote attacker could\nuse this flaw to bypass those restrictions by using certain command\nline options and symbolic links, allowing the attacker to overwrite\nthose files if they knew their file names and had write access to\nthem. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable\ndaemon: 'read only' set to 'false' in the rsync configuration file\n(for example, '/etc/rsyncd.conf'). By default, this option is set to\n'true'.\n\nThis update also fixes the following bugs :\n\n* The rsync package has been upgraded to upstream version 3.0.6, which\nprovides a number of bug fixes and enhancements over the previous\nversion. 
(BZ#339971)\n\n* When running an rsync daemon that was receiving files, a deferred\ninfo, error or log message could have been sent directly to the sender\ninstead of being handled by the 'rwrite()' function in the generator.\nAlso, under certain circumstances, a deferred info or error message\nfrom the receiver could have bypassed the log file and could have been\nsent only to the client process. As a result, an 'unexpected tag 3'\nfatal error could have been displayed. These problems have been fixed\nin this update so that an rsync daemon receiving files now works as\nexpected. (BZ#471182)\n\n* Prior to this update, the rsync daemon called a number of\ntimezone-using functions after doing a chroot. As a result, certain C\nlibraries were unable to generate proper timestamps from inside a\nchrooted daemon. This bug has been fixed in this update so that the\nrsync daemon now calls the respective timezone-using functions prior\nto doing a chroot, and proper timestamps are now generated as\nexpected. (BZ#575022)\n\n* When running rsync under a non-root user with the '-A' ('--acls')\noption and without using the '--numeric-ids' option, if there was an\nAccess Control List (ACL) that included a group entry for a group that\nthe respective user was not a member of on the receiving side, the\n'acl_set_file()' function returned an invalid argument value\n('EINVAL'). This was caused by rsync mistakenly mapping the group name\nto the Group ID 'GID_NONE' ('-1'), which failed. The bug has been\nfixed in this update so that no invalid argument is returned and rsync\nworks as expected. (BZ#616093)\n\n* When creating a sparse file that was zero blocks long, the 'rsync\n--sparse' command did not properly truncate the sparse file at the end\nof the copy transaction. As a result, the file size was bigger than\nexpected. 
This bug has been fixed in this update by properly\ntruncating the file so that rsync now copies such files as expected.\n(BZ#530866)\n\n* Under certain circumstances, when using rsync in daemon mode, rsync\ngenerator instances could have entered an infinitive loop, trying to\nwrite an error message for the receiver to an invalid socket. This\nproblem has been fixed in this update by adding a new sibling message:\nwhen the receiver is reporting a socket-read error, the generator will\nnotice this fact and avoid writing an error message down the socket,\nallowing it to close down gracefully when the pipe from the receiver\ncloses. (BZ#690148)\n\n* Prior to this update, there were missing deallocations found in the\n'start_client()' function. This bug has been fixed in this update and\nno longer occurs. (BZ#700450)\n\nAll users of rsync are advised to upgrade to this updated package,\nwhich resolves these issues and adds enhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017960.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c1131eb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017961.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25a5e3d0\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a84b8fee\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000135.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ab3d854\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rsync package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"rsync-3.0.6-4.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:21", "description": "An updated rsync package that fixes one security issue, several bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nrsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the 'filter', 'exclude', and 'exclude from' options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this flaw to bypass those restrictions by using certain command line options and symbolic links, allowing the attacker to overwrite those files if they knew their file names and had write access to them. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable daemon: 'read only' set to 'false' in the rsync configuration file (for example, '/etc/rsyncd.conf'). By default, this option is set to 'true'.\n\nThis update also fixes the following bugs :\n\n* The rsync package has been upgraded to upstream version 3.0.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#339971)\n\n* When running an rsync daemon that was receiving files, a deferred info, error or log message could have been sent directly to the sender instead of being handled by the 'rwrite()' function in the generator.\nAlso, under certain circumstances, a deferred info or error message from the receiver could have bypassed the log file and could have been sent only to the client process. As a result, an 'unexpected tag 3' fatal error could have been displayed. These problems have been fixed in this update so that an rsync daemon receiving files now works as expected. (BZ#471182)\n\n* Prior to this update, the rsync daemon called a number of timezone-using functions after doing a chroot. As a result, certain C libraries were unable to generate proper timestamps from inside a chrooted daemon. 
This bug has been fixed in this update so that the rsync daemon now calls the respective timezone-using functions prior to doing a chroot, and proper timestamps are now generated as expected. (BZ#575022)\n\n* When running rsync under a non-root user with the '-A' ('--acls') option and without using the '--numeric-ids' option, if there was an Access Control List (ACL) that included a group entry for a group that the respective user was not a member of on the receiving side, the 'acl_set_file()' function returned an invalid argument value ('EINVAL'). This was caused by rsync mistakenly mapping the group name to the Group ID 'GID_NONE' ('-1'), which failed. The bug has been fixed in this update so that no invalid argument is returned and rsync works as expected. (BZ#616093)\n\n* When creating a sparse file that was zero blocks long, the 'rsync\n--sparse' command did not properly truncate the sparse file at the end of the copy transaction. As a result, the file size was bigger than expected. This bug has been fixed in this update by properly truncating the file so that rsync now copies such files as expected.\n(BZ#530866)\n\n* Under certain circumstances, when using rsync in daemon mode, rsync generator instances could have entered an infinitive loop, trying to write an error message for the receiver to an invalid socket. This problem has been fixed in this update by adding a new sibling message:\nwhen the receiver is reporting a socket-read error, the generator will notice this fact and avoid writing an error message down the socket, allowing it to close down gracefully when the pipe from the receiver closes. (BZ#690148)\n\n* Prior to this update, there were missing deallocations found in the 'start_client()' function. This bug has been fixed in this update and no longer occurs. 
(BZ#700450)\n\nAll users of rsync are advised to upgrade to this updated package, which resolves these issues and adds enhancements.", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "nessus", "title": "RHEL 5 : rsync (RHSA-2011:0999)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6200"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rsync", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-0999.NASL", "href": "https://www.tenable.com/plugins/nessus/55643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0999. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55643);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6200\");\n script_bugtraq_id(26639);\n script_xref(name:\"RHSA\", value:\"2011:0999\");\n\n script_name(english:\"RHEL 5 : rsync (RHSA-2011:0999)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rsync package that fixes one security issue, several bugs,\nand adds enhancements is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nrsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the 'filter',\n'exclude', and 'exclude from' options, used for hiding files and\npreventing access to them from rsync clients. A remote attacker could\nuse this flaw to bypass those restrictions by using certain command\nline options and symbolic links, allowing the attacker to overwrite\nthose files if they knew their file names and had write access to\nthem. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable\ndaemon: 'read only' set to 'false' in the rsync configuration file\n(for example, '/etc/rsyncd.conf'). 
By default, this option is set to\n'true'.\n\nThis update also fixes the following bugs :\n\n* The rsync package has been upgraded to upstream version 3.0.6, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#339971)\n\n* When running an rsync daemon that was receiving files, a deferred\ninfo, error or log message could have been sent directly to the sender\ninstead of being handled by the 'rwrite()' function in the generator.\nAlso, under certain circumstances, a deferred info or error message\nfrom the receiver could have bypassed the log file and could have been\nsent only to the client process. As a result, an 'unexpected tag 3'\nfatal error could have been displayed. These problems have been fixed\nin this update so that an rsync daemon receiving files now works as\nexpected. (BZ#471182)\n\n* Prior to this update, the rsync daemon called a number of\ntimezone-using functions after doing a chroot. As a result, certain C\nlibraries were unable to generate proper timestamps from inside a\nchrooted daemon. This bug has been fixed in this update so that the\nrsync daemon now calls the respective timezone-using functions prior\nto doing a chroot, and proper timestamps are now generated as\nexpected. (BZ#575022)\n\n* When running rsync under a non-root user with the '-A' ('--acls')\noption and without using the '--numeric-ids' option, if there was an\nAccess Control List (ACL) that included a group entry for a group that\nthe respective user was not a member of on the receiving side, the\n'acl_set_file()' function returned an invalid argument value\n('EINVAL'). This was caused by rsync mistakenly mapping the group name\nto the Group ID 'GID_NONE' ('-1'), which failed. The bug has been\nfixed in this update so that no invalid argument is returned and rsync\nworks as expected. 
(BZ#616093)\n\n* When creating a sparse file that was zero blocks long, the 'rsync\n--sparse' command did not properly truncate the sparse file at the end\nof the copy transaction. As a result, the file size was bigger than\nexpected. This bug has been fixed in this update by properly\ntruncating the file so that rsync now copies such files as expected.\n(BZ#530866)\n\n* Under certain circumstances, when using rsync in daemon mode, rsync\ngenerator instances could have entered an infinite loop, trying to\nwrite an error message for the receiver to an invalid socket. This\nproblem has been fixed in this update by adding a new sibling message:\nwhen the receiver is reporting a socket-read error, the generator will\nnotice this fact and avoid writing an error message down the socket,\nallowing it to close down gracefully when the pipe from the receiver\ncloses. (BZ#690148)\n\n* Prior to this update, there were missing deallocations found in the\n'start_client()' function. This bug has been fixed in this update and\nno longer occurs. 
(BZ#700450)\n\nAll users of rsync are advised to upgrade to this updated package,\nwhich resolves these issues and adds enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rsync.samba.org/security.html#s3_0_0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0999\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rsync package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0999\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rsync-3.0.6-4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rsync-3.0.6-4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rsync-3.0.6-4.el5\")) flag++;\n\n if (flag)\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:20", "description": "rsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the 'filter', 'exclude', and 'exclude from' options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this flaw to bypass those restrictions by using certain command line options and symbolic links, allowing the attacker to overwrite those files if they knew their file names and had write access to them. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable daemon: 'read only' set to 'false' in the rsync configuration file (for example, '/etc/rsyncd.conf'). By default, this option is set to 'true'.\n\nThis update also fixes the following bugs :\n\n - The rsync package has been upgraded to upstream version 3.0.6, which provides a number of bug fixes and enhancements over the previous version.\n\n - When running an rsync daemon that was receiving files, a deferred info, error or log message could have been sent directly to the sender instead of being handled by the 'rwrite()' function in the generator. Also, under certain circumstances, a deferred info or error message from the receiver could have bypassed the log file and could have been sent only to the client process. As a result, an 'unexpected tag 3' fatal error could have been displayed. These problems have been fixed in this update so that an rsync daemon receiving files now works as expected.\n\n - Prior to this update, the rsync daemon called a number of timezone-using functions after doing a chroot. 
As a result, certain C libraries were unable to generate proper timestamps from inside a chrooted daemon. This bug has been fixed in this update so that the rsync daemon now calls the respective timezone-using functions prior to doing a chroot, and proper timestamps are now generated as expected.\n\n - When running rsync under a non-root user with the '-A' ('--acls') option and without using the '--numeric-ids' option, if there was an Access Control List (ACL) that included a group entry for a group that the respective user was not a member of on the receiving side, the 'acl_set_file()' function returned an invalid argument value ('EINVAL'). This was caused by rsync mistakenly mapping the group name to the Group ID 'GID_NONE' ('-1'), which failed. The bug has been fixed in this update so that no invalid argument is returned and rsync works as expected.\n\n - When creating a sparse file that was zero blocks long, the 'rsync\n\n - --sparse' command did not properly truncate the sparse file at the end of the copy transaction. As a result, the file size was bigger than expected. This bug has been fixed in this update by properly truncating the file so that rsync now copies such files as expected.\n\n - Under certain circumstances, when using rsync in daemon mode, rsync generator instances could have entered an infinite loop, trying to write an error message for the receiver to an invalid socket. This problem has been fixed in this update by adding a new sibling message:\n when the receiver is reporting a socket-read error, the generator will notice this fact and avoid writing an error message down the socket, allowing it to close down gracefully when the pipe from the receiver closes.\n\n - Prior to this update, there were missing deallocations found in the 'start_client()' function. 
This bug has been fixed in this update and no longer occurs.\n\nAll users of rsync are advised to upgrade to this updated package, which resolves these issues and adds enhancements.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : rsync on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6200"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110721_RSYNC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61092);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6200\");\n\n script_name(english:\"Scientific Linux Security Update : rsync on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the 'filter',\n'exclude', and 'exclude from' options, used for 
hiding files and\npreventing access to them from rsync clients. A remote attacker could\nuse this flaw to bypass those restrictions by using certain command\nline options and symbolic links, allowing the attacker to overwrite\nthose files if they knew their file names and had write access to\nthem. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable\ndaemon: 'read only' set to 'false' in the rsync configuration file\n(for example, '/etc/rsyncd.conf'). By default, this option is set to\n'true'.\n\nThis update also fixes the following bugs :\n\n - The rsync package has been upgraded to upstream version\n 3.0.6, which provides a number of bug fixes and\n enhancements over the previous version.\n\n - When running an rsync daemon that was receiving files, a\n deferred info, error or log message could have been sent\n directly to the sender instead of being handled by the\n 'rwrite()' function in the generator. Also, under\n certain circumstances, a deferred info or error message\n from the receiver could have bypassed the log file and\n could have been sent only to the client process. As a\n result, an 'unexpected tag 3' fatal error could have\n been displayed. These problems have been fixed in this\n update so that an rsync daemon receiving files now works\n as expected.\n\n - Prior to this update, the rsync daemon called a number\n of timezone-using functions after doing a chroot. As a\n result, certain C libraries were unable to generate\n proper timestamps from inside a chrooted daemon. 
This\n bug has been fixed in this update so that the rsync\n daemon now calls the respective timezone-using functions\n prior to doing a chroot, and proper timestamps are now\n generated as expected.\n\n - When running rsync under a non-root user with the '-A'\n ('--acls') option and without using the '--numeric-ids'\n option, if there was an Access Control List (ACL) that\n included a group entry for a group that the respective\n user was not a member of on the receiving side, the\n 'acl_set_file()' function returned an invalid argument\n value ('EINVAL'). This was caused by rsync mistakenly\n mapping the group name to the Group ID 'GID_NONE'\n ('-1'), which failed. The bug has been fixed in this\n update so that no invalid argument is returned and rsync\n works as expected.\n\n - When creating a sparse file that was zero blocks long,\n the 'rsync\n\n - --sparse' command did not properly truncate the sparse\n file at the end of the copy transaction. As a result,\n the file size was bigger than expected. This bug has\n been fixed in this update by properly truncating the\n file so that rsync now copies such files as expected.\n\n - Under certain circumstances, when using rsync in daemon\n mode, rsync generator instances could have entered an\n infinite loop, trying to write an error message for\n the receiver to an invalid socket. This problem has been\n fixed in this update by adding a new sibling message:\n when the receiver is reporting a socket-read error, the\n generator will notice this fact and avoid writing an\n error message down the socket, allowing it to close down\n gracefully when the pipe from the receiver closes.\n\n - Prior to this update, there were missing deallocations\n found in the 'start_client()' function. 
This bug has\n been fixed in this update and no longer occurs.\n\nAll users of rsync are advised to upgrade to this updated package,\nwhich resolves these issues and adds enhancements.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=2064\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9971531\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsync and / or rsync-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"rsync-3.0.6-4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rsync-debuginfo-3.0.6-4.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:19:36", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. 
A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nTimo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. 
(CVE-2011-3191)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-09-30T00:00:00", "type": "nessus", "title": "USN-1220-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1220-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56345", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1220-1. 
It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56345);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_xref(name:\"USN\", value:\"1220-1\");\n\n script_name(english:\"USN-1220-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain\nVLAN packets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. 
(CVE-2011-2497)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nTimo Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1220-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2011/09/30\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. 
/ NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-903-omap4\", pkgver:\"2.6.35-903.25\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:52:06", "description": "From Red Hat Security Advisory 2011:0261 :\n\nUpdated bash packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nBash (Bourne-again shell) is the default shell for Red Hat Enterprise Linux.\n\nIt was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)\n\nThis update also fixes the following bugs :\n\n* If a child process's PID was the same as the PID of a previously ended child process, Bash did not wait for that child process. 
In some cases this caused 'Resource temporarily unavailable' errors. With this update, Bash recycles PIDs and waits for processes with recycled PIDs.\n(BZ#521134)\n\n* Bash's built-in 'read' command had a memory leak when 'read' failed due to no input (pipe for stdin). With this update, the memory is correctly freed. (BZ#537029)\n\n* Bash did not correctly check for a valid multi-byte string when setting the IFS value, causing Bash to crash. With this update, Bash checks the multi-byte string and no longer crashes. (BZ#539536)\n\n* Bash incorrectly set locale settings when using the built-in 'export' command and setting the locale on the same line (for example, with 'LC_ALL=C export LC_ALL'). With this update, Bash correctly sets locale settings. (BZ#539538)\n\nAll bash users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : bash (ELSA-2011-0261)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5374"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bash", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2011-0261.NASL", "href": "https://www.tenable.com/plugins/nessus/68202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0261 and \n# Oracle Linux Security Advisory 
ELSA-2011-0261 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68202);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5374\");\n script_bugtraq_id(32733);\n script_xref(name:\"RHSA\", value:\"2011:0261\");\n\n script_name(english:\"Oracle Linux 4 : bash (ELSA-2011-0261)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0261 :\n\nUpdated bash packages that fix one security issue and several bugs are\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nBash (Bourne-again shell) is the default shell for Red Hat Enterprise\nLinux.\n\nIt was found that certain scripts bundled with the Bash documentation\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files accessible to the victim\nrunning the scripts. (CVE-2008-5374)\n\nThis update also fixes the following bugs :\n\n* If a child process's PID was the same as the PID of a previously\nended child process, Bash did not wait for that child process. In some\ncases this caused 'Resource temporarily unavailable' errors. With this\nupdate, Bash recycles PIDs and waits for processes with recycled PIDs.\n(BZ#521134)\n\n* Bash's built-in 'read' command had a memory leak when 'read' failed\ndue to no input (pipe for stdin). 
With this update, the memory is\ncorrectly freed. (BZ#537029)\n\n* Bash did not correctly check for a valid multi-byte string when\nsetting the IFS value, causing Bash to crash. With this update, Bash\nchecks the multi-byte string and no longer crashes. (BZ#539536)\n\n* Bash incorrectly set locale settings when using the built-in\n'export' command and setting the locale on the same line (for example,\nwith 'LC_ALL=C export LC_ALL'). With this update, Bash correctly sets\nlocale settings. (BZ#539538)\n\nAll bash users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001947.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"bash-3.0-27.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:27", "description": "An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat 
Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nBash is the default shell for Red Hat Enterprise Linux.\n\nIt was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)\n\nThis update fixes the following bugs :\n\n* When using the source builtin at location '.', occasionally, bash opted to preserve internal consistency and abort scripts. This caused bash to abort scripts that assigned values to read-only variables.\nThis is now fixed to ensure that such scripts are now executed as written and not aborted. (BZ#448508)\n\n* When the tab key was pressed for auto-completion options for the typed text, the cursor moved to an unexpected position on a previous line if the prompt contained characters that cannot be viewed and a '\\]'. This is now fixed to retain the cursor at the expected position at the end of the target line after autocomplete options correctly display. (BZ#463880)\n\n* Bash attempted to interpret the NOBITS .dynamic section of the ELF header. This resulted in a '^D: bad ELF interpreter: No such file or directory' message. This is fixed to ensure that the invalid '^D' does not appear in the error message. (BZ#484809)\n\n* The $RANDOM variable in Bash carried over values from a previous execution for later jobs. This is fixed and the $RANDOM variable generates a new random number for each use. (BZ#492908)\n\n* When Bash ran a shell script with an embedded null character, bash's source builtin parsed the script incorrectly. 
This is fixed and bash's source builtin correctly parses shell script null characters.\n(BZ#503701)\n\n* The bash manual page for 'trap' did not mention that signals ignored upon entry cannot be listed later. The manual page was updated for this update and now specifically notes that 'Signals ignored upon entry to the shell cannot be trapped, reset or listed'. (BZ#504904)\n\n* Bash's readline incorrectly displayed additional text when resizing the terminal window when text spanned more than one line, which caused incorrect display output. This is now fixed to ensure that text in more than one line in a resized window displays as expected.\n(BZ#525474)\n\n* Previously, bash incorrectly displayed 'Broken pipe' messages for builtins like 'echo' and 'printf' when output did not succeed due to EPIPE. This is fixed to ensure that the unnecessary 'Broken pipe' messages no longer display. (BZ#546529)\n\n* Inserts with the repeat function were not possible after a deletion in vi-mode. This has been corrected and, with this update, the repeat function works as expected after a deletion. (BZ#575076)\n\n* In some situations, bash incorrectly appended '/' to files instead of just directories during tab-completion, causing incorrect auto-completions. This is fixed and auto-complete appends '/' only to directories. (BZ#583919)\n\n* Bash had a memory leak in the 'read' builtin when the number of fields being read was not equal to the number of variables passed as arguments, causing a shell script crash. This is fixed to prevent a memory leak and shell script crash. (BZ#618393)\n\n* /usr/share/doc/bash-3.2/loadables in the bash package contained source files which would not build due to missing C header files. With this update, the unusable (and unbuildable) source files were removed from the package. (BZ#663656)\n\nThis update also adds the following enhancement :\n\n* The system-wide '/etc/bash.bash_logout' bash logout file is now enabled. 
This allows administrators to write system-wide logout actions for all users. (BZ#592979)\n\nUsers of bash are advised to upgrade to this updated package, which contains backported patches to resolve these issues and add this enhancement.", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "nessus", "title": "RHEL 5 : bash (RHSA-2011:1073)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5374"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bash", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1073.NASL", "href": "https://www.tenable.com/plugins/nessus/55646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1073. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55646);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5374\");\n script_bugtraq_id(32733);\n script_xref(name:\"RHSA\", value:\"2011:1073\");\n\n script_name(english:\"RHEL 5 : bash (RHSA-2011:1073)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated bash package that fixes one security issue, several bugs,\nand adds one enhancement is now available for Red Hat Enterprise Linux\n5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nBash is the default shell for Red Hat Enterprise Linux.\n\nIt was found that certain scripts bundled with the Bash documentation\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files accessible to the victim\nrunning the scripts. (CVE-2008-5374)\n\nThis update fixes the following bugs :\n\n* When using the source builtin at location '.', occasionally, bash\nopted to preserve internal consistency and abort scripts. This caused\nbash to abort scripts that assigned values to read-only variables.\nThis is now fixed to ensure that such scripts are now executed as\nwritten and not aborted. 
(BZ#448508)\n\n* When the tab key was pressed for auto-completion options for the\ntyped text, the cursor moved to an unexpected position on a previous\nline if the prompt contained characters that cannot be viewed and a\n'\\]'. This is now fixed to retain the cursor at the expected position\nat the end of the target line after autocomplete options correctly\ndisplay. (BZ#463880)\n\n* Bash attempted to interpret the NOBITS .dynamic section of the ELF\nheader. This resulted in a '^D: bad ELF interpreter: No such file or\ndirectory' message. This is fixed to ensure that the invalid '^D' does\nnot appear in the error message. (BZ#484809)\n\n* The $RANDOM variable in Bash carried over values from a previous\nexecution for later jobs. This is fixed and the $RANDOM variable\ngenerates a new random number for each use. (BZ#492908)\n\n* When Bash ran a shell script with an embedded null character, bash's\nsource builtin parsed the script incorrectly. This is fixed and bash's\nsource builtin correctly parses shell script null characters.\n(BZ#503701)\n\n* The bash manual page for 'trap' did not mention that signals ignored\nupon entry cannot be listed later. The manual page was updated for\nthis update and now specifically notes that 'Signals ignored upon\nentry to the shell cannot be trapped, reset or listed'. (BZ#504904)\n\n* Bash's readline incorrectly displayed additional text when resizing\nthe terminal window when text spanned more than one line, which caused\nincorrect display output. This is now fixed to ensure that text in\nmore than one line in a resized window displays as expected.\n(BZ#525474)\n\n* Previously, bash incorrectly displayed 'Broken pipe' messages for\nbuiltins like 'echo' and 'printf' when output did not succeed due to\nEPIPE. This is fixed to ensure that the unnecessary 'Broken pipe'\nmessages no longer display. (BZ#546529)\n\n* Inserts with the repeat function were not possible after a deletion\nin vi-mode. 
This has been corrected and, with this update, the repeat\nfunction works as expected after a deletion. (BZ#575076)\n\n* In some situations, bash incorrectly appended '/' to files instead\nof just directories during tab-completion, causing incorrect\nauto-completions. This is fixed and auto-complete appends '/' only to\ndirectories. (BZ#583919)\n\n* Bash had a memory leak in the 'read' builtin when the number of\nfields being read was not equal to the number of variables passed as\narguments, causing a shell script crash. This is fixed to prevent a\nmemory leak and shell script crash. (BZ#618393)\n\n* /usr/share/doc/bash-3.2/loadables in the bash package contained\nsource files which would not build due to missing C header files. With\nthis update, the unusable (and unbuildable) source files were removed\nfrom the package. (BZ#663656)\n\nThis update also adds the following enhancement :\n\n* The system-wide '/etc/bash.bash_logout' bash logout file is now\nenabled. This allows administrators to write system-wide logout\nactions for all users. 
(BZ#592979)\n\nUsers of bash are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1073\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1073\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bash-3.2-32.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bash-3.2-32.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bash-3.2-32.el5\")) flag++;\n\n if (flag)\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:27", "description": "It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)\n\nThis update also fixes the following bugs :\n\n - If a child process's PID was the same as the PID of a previously ended child process, Bash did not wait for that child process. In some cases this caused 'Resource temporarily unavailable' errors. With this update, Bash recycles PIDs and waits for processes with recycled PIDs. (BZ#521134)\n\n - Bash's built-in 'read' command had a memory leak when 'read' failed due to no input (pipe for stdin). With this update, the memory is correctly freed. (BZ#537029)\n\n - Bash did not correctly check for a valid multi-byte string when setting the IFS value, causing Bash to crash. With this update, Bash checks the multi-byte string and no longer crashes. 
(BZ#539536)\n\n - Bash incorrectly set locale settings when using the built-in 'export' command and setting the locale on the same line (for example, with 'LC_ALL=C export LC_ALL').\n With this update, Bash correctly sets locale settings.\n (BZ#539538)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bash on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5374"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110216_BASH_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60956);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5374\");\n\n script_name(english:\"Scientific Linux Security Update : bash on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that certain scripts bundled with the Bash documentation\ncreated temporary files in an insecure way. 
A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files accessible to the victim\nrunning the scripts. (CVE-2008-5374)\n\nThis update also fixes the following bugs :\n\n - If a child process's PID was the same as the PID of a\n previously ended child process, Bash did not wait for\n that child process. In some cases this caused 'Resource\n temporarily unavailable' errors. With this update, Bash\n recycles PIDs and waits for processes with recycled\n PIDs. (BZ#521134)\n\n - Bash's built-in 'read' command had a memory leak when\n 'read' failed due to no input (pipe for stdin). With\n this update, the memory is correctly freed. (BZ#537029)\n\n - Bash did not correctly check for a valid multi-byte\n string when setting the IFS value, causing Bash to\n crash. With this update, Bash checks the multi-byte\n string and no longer crashes. (BZ#539536)\n\n - Bash incorrectly set locale settings when using the\n built-in 'export' command and setting the locale on the\n same line (for example, with 'LC_ALL=C export LC_ALL').\n With this update, Bash correctly sets locale settings.\n (BZ#539538)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=521134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=539536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=539538\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=2085\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83b1fe0c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"bash-3.0-27.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:25:34", "description": "Bash is the default shell for Scientific Linux.\n\nIt was found that certain scripts bundled with the Bash documentation 
created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)\n\nThis update fixes the following bugs :\n\n - When using the source builtin at location '.', occasionally, bash opted to preserve internal consistency and abort scripts. This caused bash to abort scripts that assigned values to read-only variables.\n This is now fixed to ensure that such scripts are now executed as written and not aborted.\n\n - When the tab key was pressed for auto-completion options for the typed text, the cursor moved to an unexpected position on a previous line if the prompt contained characters that cannot be viewed and a '\\]'. This is now fixed to retain the cursor at the expected position at the end of the target line after autocomplete options correctly display.\n\n - Bash attempted to interpret the NOBITS .dynamic section of the ELF header. This resulted in a '^D: bad ELF interpreter: No such file or directory' message. This is fixed to ensure that the invalid '^D' does not appear in the error message.\n\n - The $RANDOM variable in Bash carried over values from a previous execution for later jobs. This is fixed and the $RANDOM variable generates a new random number for each use.\n\n - When Bash ran a shell script with an embedded null character, bash's source builtin parsed the script incorrectly. This is fixed and bash's source builtin correctly parses shell script null characters.\n\n - The bash manual page for 'trap' did not mention that signals ignored upon entry cannot be listed later. 
The manual page was updated for this update and now specifically notes that 'Signals ignored upon entry to the shell cannot be trapped, reset or listed'.\n\n - Bash's readline incorrectly displayed additional text when resizing the terminal window when text spanned more than one line, which caused incorrect display output.\n This is now fixed to ensure that text in more than one line in a resized window displays as expected.\n\n - Previously, bash incorrectly displayed 'Broken pipe' messages for builtins like 'echo' and 'printf' when output did not succeed due to EPIPE. This is fixed to ensure that the unnecessary 'Broken pipe' messages no longer display.\n\n - Inserts with the repeat function were not possible after a deletion in vi-mode. This has been corrected and, with this update, the repeat function works as expected after a deletion.\n\n - In some situations, bash incorrectly appended '/' to files instead of just directories during tab-completion, causing incorrect auto-completions. This is fixed and auto-complete appends '/' only to directories.\n\n - Bash had a memory leak in the 'read' builtin when the number of fields being read was not equal to the number of variables passed as arguments, causing a shell script crash. This is fixed to prevent a memory leak and shell script crash.\n\n - /usr/share/doc/bash-3.2/loadables in the bash package contained source files which would not build due to missing C header files. With this update, the unusable (and unbuildable) source files were removed from the package.\n\nThis update also adds the following enhancement :\n\n - The system-wide '/etc/bash.bash_logout' bash logout file is now enabled. 
This allows administrators to write system-wide logout actions for all users.\n\nUsers of bash are advised to upgrade to this updated package, which contains backported patches to resolve these issues and add this enhancement.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bash on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5374"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110721_BASH_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61088", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61088);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5374\");\n\n script_name(english:\"Scientific Linux Security Update : bash on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bash is the default shell for Scientific Linux.\n\nIt was found that certain scripts bundled with the Bash documentation\ncreated temporary files in an 
insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files accessible to the victim\nrunning the scripts. (CVE-2008-5374)\n\nThis update fixes the following bugs :\n\n - When using the source builtin at location '.',\n occasionally, bash opted to preserve internal\n consistency and abort scripts. This caused bash to abort\n scripts that assigned values to read-only variables.\n This is now fixed to ensure that such scripts are now\n executed as written and not aborted.\n\n - When the tab key was pressed for auto-completion options\n for the typed text, the cursor moved to an unexpected\n position on a previous line if the prompt contained\n characters that cannot be viewed and a '\\]'. This is now\n fixed to retain the cursor at the expected position at\n the end of the target line after autocomplete options\n correctly display.\n\n - Bash attempted to interpret the NOBITS .dynamic section\n of the ELF header. This resulted in a '^D: bad ELF\n interpreter: No such file or directory' message. This is\n fixed to ensure that the invalid '^D' does not appear in\n the error message.\n\n - The $RANDOM variable in Bash carried over values from a\n previous execution for later jobs. This is fixed and the\n $RANDOM variable generates a new random number for each\n use.\n\n - When Bash ran a shell script with an embedded null\n character, bash's source builtin parsed the script\n incorrectly. This is fixed and bash's source builtin\n correctly parses shell script null characters.\n\n - The bash manual page for 'trap' did not mention that\n signals ignored upon entry cannot be listed later. 
The\n manual page was updated for this update and now\n specifically notes that 'Signals ignored upon entry to\n the shell cannot be trapped, reset or listed'.\n\n - Bash's readline incorrectly displayed additional text\n when resizing the terminal window when text spanned more\n than one line, which caused incorrect display output.\n This is now fixed to ensure that text in more than one\n line in a resized window displays as expected.\n\n - Previously, bash incorrectly displayed 'Broken pipe'\n messages for builtins like 'echo' and 'printf' when\n output did not succeed due to EPIPE. This is fixed to\n ensure that the unnecessary 'Broken pipe' messages no\n longer display.\n\n - Inserts with the repeat function were not possible after\n a deletion in vi-mode. This has been corrected and, with\n this update, the repeat function works as expected after\n a deletion.\n\n - In some situations, bash incorrectly appended '/' to\n files instead of just directories during tab-completion,\n causing incorrect auto-completions. This is fixed and\n auto-complete appends '/' only to directories.\n\n - Bash had a memory leak in the 'read' builtin when the\n number of fields being read was not equal to the number\n of variables passed as arguments, causing a shell script\n crash. This is fixed to prevent a memory leak and shell\n script crash.\n\n - /usr/share/doc/bash-3.2/loadables in the bash package\n contained source files which would not build due to\n missing C header files. With this update, the unusable\n (and unbuildable) source files were removed from the\n package.\n\nThis update also adds the following enhancement :\n\n - The system-wide '/etc/bash.bash_logout' bash logout file\n is now enabled. 
This allows administrators to write\n system-wide logout actions for all users.\n\nUsers of bash are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues and add this\nenhancement.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=673\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20be3010\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"bash-3.2-32.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:24:36", "description": "Updated bash packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nBash (Bourne-again shell) is the default shell for Red Hat Enterprise Linux.\n\nIt was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. 
A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)\n\nThis update also fixes the following bugs :\n\n* If a child process's PID was the same as the PID of a previously ended child process, Bash did not wait for that child process. In some cases this caused 'Resource temporarily unavailable' errors. With this update, Bash recycles PIDs and waits for processes with recycled PIDs.\n(BZ#521134)\n\n* Bash's built-in 'read' command had a memory leak when 'read' failed due to no input (pipe for stdin). With this update, the memory is correctly freed. (BZ#537029)\n\n* Bash did not correctly check for a valid multi-byte string when setting the IFS value, causing Bash to crash. With this update, Bash checks the multi-byte string and no longer crashes. (BZ#539536)\n\n* Bash incorrectly set locale settings when using the built-in 'export' command and setting the locale on the same line (for example, with 'LC_ALL=C export LC_ALL'). With this update, Bash correctly sets locale settings. 
(BZ#539538)\n\nAll bash users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2011-02-17T00:00:00", "type": "nessus", "title": "RHEL 4 : bash (RHSA-2011:0261)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5374"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bash", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2011-0261.NASL", "href": "https://www.tenable.com/plugins/nessus/52008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0261. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52008);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5374\");\n script_bugtraq_id(32733);\n script_xref(name:\"RHSA\", value:\"2011:0261\");\n\n script_name(english:\"RHEL 4 : bash (RHSA-2011:0261)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bash packages that fix one security issue and several bugs are\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nBash (Bourne-again shell) is the default shell for Red Hat Enterprise\nLinux.\n\nIt was found that certain scripts bundled with the Bash documentation\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files accessible to the victim\nrunning the scripts. (CVE-2008-5374)\n\nThis update also fixes the following bugs :\n\n* If a child process's PID was the same as the PID of a previously\nended child process, Bash did not wait for that child process. In some\ncases this caused 'Resource temporarily unavailable' errors. With this\nupdate, Bash recycles PIDs and waits for processes with recycled PIDs.\n(BZ#521134)\n\n* Bash's built-in 'read' command had a memory leak when 'read' failed\ndue to no input (pipe for stdin). With this update, the memory is\ncorrectly freed. 
(BZ#537029)\n\n* Bash did not correctly check for a valid multi-byte string when\nsetting the IFS value, causing Bash to crash. With this update, Bash\nchecks the multi-byte string and no longer crashes. (BZ#539536)\n\n* Bash incorrectly set locale settings when using the built-in\n'export' command and setting the locale on the same line (for example,\nwith 'LC_ALL=C export LC_ALL'). With this update, Bash correctly sets\nlocale settings. (BZ#539538)\n\nAll bash users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0261\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0261\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"bash-3.0-27.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:51", "description": "An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nBash is the default shell for Red Hat Enterprise Linux.\n\nIt was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)\n\nThis update fixes the following bugs :\n\n* When using the source builtin at location '.', occasionally, bash opted to preserve internal consistency and abort scripts. This caused bash to abort scripts that assigned values to read-only variables.\nThis is now fixed to ensure that such scripts are now executed as written and not aborted. (BZ#448508)\n\n* When the tab key was pressed for auto-completion options for the typed text, the cursor moved to an unexpected position on a previous line if the prompt contained characters that cannot be viewed and a '\\]'. This is now fixed to retain the cursor at the expected position at the end of the target line after autocomplete options correctly display. (BZ#463880)\n\n* Bash attempted to interpret the NOBITS .dynamic section of the ELF header. This resulted in a '^D: bad ELF interpreter: No such file or directory' message. This is fixed to ensure that the invalid '^D' does not appear in the error message. 
(BZ#484809)\n\n* The $RANDOM variable in Bash carried over values from a previous execution for later jobs. This is fixed and the $RANDOM variable generates a new random number for each use. (BZ#492908)\n\n* When Bash ran a shell script with an embedded null character, bash's source builtin parsed the script incorrectly. This is fixed and bash's source builtin correctly parses shell script null characters.\n(BZ#503701)\n\n* The bash manual page for 'trap' did not mention that signals ignored upon entry cannot be listed later. The manual page was updated for this update and now specifically notes that 'Signals ignored upon entry to the shell cannot be trapped, reset or listed'. (BZ#504904)\n\n* Bash's readline incorrectly displayed additional text when resizing the terminal window when text spanned more than one line, which caused incorrect display output. This is now fixed to ensure that text in more than one line in a resized window displays as expected.\n(BZ#525474)\n\n* Previously, bash incorrectly displayed 'Broken pipe' messages for builtins like 'echo' and 'printf' when output did not succeed due to EPIPE. This is fixed to ensure that the unnecessary 'Broken pipe' messages no longer display. (BZ#546529)\n\n* Inserts with the repeat function were not possible after a deletion in vi-mode. This has been corrected and, with this update, the repeat function works as expected after a deletion. (BZ#575076)\n\n* In some situations, bash incorrectly appended '/' to files instead of just directories during tab-completion, causing incorrect auto-completions. This is fixed and auto-complete appends '/' only to directories. (BZ#583919)\n\n* Bash had a memory leak in the 'read' builtin when the number of fields being read was not equal to the number of variables passed as arguments, causing a shell script crash. This is fixed to prevent a memory leak and shell script crash. 
(BZ#618393)\n\n* /usr/share/doc/bash-3.2/loadables in the bash package contained source files which would not build due to missing C header files. With this update, the unusable (and unbuildable) source files were removed from the package. (BZ#663656)\n\nThis update also adds the following enhancement :\n\n* The system-wide '/etc/bash.bash_logout' bash logout file is now enabled. This allows administrators to write system-wide logout actions for all users. (BZ#592979)\n\nUsers of bash are advised to upgrade to this updated package, which contains backported patches to resolve these issues and add this enhancement.", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : bash (CESA-2011:1073)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5374"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bash", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1073.NASL", "href": "https://www.tenable.com/plugins/nessus/56266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1073 and \n# CentOS Errata and Security Advisory 2011:1073 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56266);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2008-5374\");\n script_bugtraq_id(32733);\n script_xref(name:\"RHSA\", value:\"2011:1073\");\n\n script_name(english:\"CentOS 5 : bash (CESA-2011:1073)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated bash package that fixes one security issue, several bugs,\nand adds one enhancement is now available for Red Hat Enterprise Linux\n5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nBash is the default shell for Red Hat Enterprise Linux.\n\nIt was found that certain scripts bundled with the Bash documentation\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files accessible to the victim\nrunning the scripts. (CVE-2008-5374)\n\nThis update fixes the following bugs :\n\n* When using the source builtin at location '.', occasionally, bash\nopted to preserve internal consistency and abort scripts. This caused\nbash to abort scripts that assigned values to read-only variables.\nThis is now fixed to ensure that such scripts are now executed as\nwritten and not aborted. (BZ#448508)\n\n* When the tab key was pressed for auto-completion options for the\ntyped text, the cursor moved to an unexpected position on a previous\nline if the prompt contained characters that cannot be viewed and a\n'\\]'. This is now fixed to retain the cursor at the expected position\nat the end of the target line after autocomplete options correctly\ndisplay. 
(BZ#463880)\n\n* Bash attempted to interpret the NOBITS .dynamic section of the ELF\nheader. This resulted in a '^D: bad ELF interpreter: No such file or\ndirectory' message. This is fixed to ensure that the invalid '^D' does\nnot appear in the error message. (BZ#484809)\n\n* The $RANDOM variable in Bash carried over values from a previous\nexecution for later jobs. This is fixed and the $RANDOM variable\ngenerates a new random number for each use. (BZ#492908)\n\n* When Bash ran a shell script with an embedded null character, bash's\nsource builtin parsed the script incorrectly. This is fixed and bash's\nsource builtin correctly parses shell script null characters.\n(BZ#503701)\n\n* The bash manual page for 'trap' did not mention that signals ignored\nupon entry cannot be listed later. The manual page was updated for\nthis update and now specifically notes that 'Signals ignored upon\nentry to the shell cannot be trapped, reset or listed'. (BZ#504904)\n\n* Bash's readline incorrectly displayed additional text when resizing\nthe terminal window when text spanned more than one line, which caused\nincorrect display output. This is now fixed to ensure that text in\nmore than one line in a resized window displays as expected.\n(BZ#525474)\n\n* Previously, bash incorrectly displayed 'Broken pipe' messages for\nbuiltins like 'echo' and 'printf' when output did not succeed due to\nEPIPE. This is fixed to ensure that the unnecessary 'Broken pipe'\nmessages no longer display. (BZ#546529)\n\n* Inserts with the repeat function were not possible after a deletion\nin vi-mode. This has been corrected and, with this update, the repeat\nfunction works as expected after a deletion. (BZ#575076)\n\n* In some situations, bash incorrectly appended '/' to files instead\nof just directories during tab-completion, causing incorrect\nauto-completions. This is fixed and auto-complete appends '/' only to\ndirectories. 
(BZ#583919)\n\n* Bash had a memory leak in the 'read' builtin when the number of\nfields being read was not equal to the number of variables passed as\narguments, causing a shell script crash. This is fixed to prevent a\nmemory leak and shell script crash. (BZ#618393)\n\n* /usr/share/doc/bash-3.2/loadables in the bash package contained\nsource files which would not build due to missing C header files. With\nthis update, the unusable (and unbuildable) source files were removed\nfrom the package. (BZ#663656)\n\nThis update also adds the following enhancement :\n\n* The system-wide '/etc/bash.bash_logout' bash logout file is now\nenabled. This allows administrators to write system-wide logout\nactions for all users. (BZ#592979)\n\nUsers of bash are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues and add this\nenhancement.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017760.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?374d8eac\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017767.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a4b63d2\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a942937\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6cdeb89\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"bash-3.2-32.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:57", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2015 advisory.\n\n - The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. 
(CVE-2010-4565)\n\n - Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member. (CVE-2010-4649)\n\n - The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM. (CVE-2011-0006)\n\n - The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. (CVE-2011-0711)\n\n - Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.\n (CVE-2011-0712)\n\n - The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. 
(CVE-2011-0726)\n\n - Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. (CVE-2011-1013)\n\n - The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. (CVE-2011-1016)\n\n - The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability. (CVE-2011-1019)\n\n - The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. (CVE-2011-1044)\n\n - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command. 
(CVE-2011-1079)\n\n - The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. (CVE-2011-1080)\n\n - The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.\n (CVE-2011-1573)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2015)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4565", "CVE-2010-4649", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-0712", "CVE-2011-0726", "CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1019", "CVE-2011-1044", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1573"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.15.el5", "p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.15.el5debug"], "id": "ORACLELINUX_ELSA-2011-2015.NASL", "href": "https://www.tenable.com/plugins/nessus/68416", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2015.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68416);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2010-4565\",\n \"CVE-2010-4649\",\n \"CVE-2011-0006\",\n \"CVE-2011-0711\",\n \"CVE-2011-0712\",\n \"CVE-2011-0726\",\n \"CVE-2011-1013\",\n \"CVE-2011-1016\",\n \"CVE-2011-1019\",\n \"CVE-2011-1044\",\n \"CVE-2011-1080\",\n \"CVE-2011-1093\",\n \"CVE-2011-1573\"\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2015)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2011-2015 advisory.\n\n - The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN)\n implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename\n containing a kernel memory address, which allows local users to obtain potentially sensitive information\n about kernel memory use by listing this filename. (CVE-2010-4565)\n\n - Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux\n kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have\n unspecified other impact via a large value of a certain structure member. (CVE-2010-4649)\n\n - The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37,\n when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity\n Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's\n addition of an IMA rule for LSM. (CVE-2011-0006)\n\n - The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not\n initialize a certain structure member, which allows local users to obtain potentially sensitive\n information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. 
(CVE-2011-0711)\n\n - Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel\n before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have\n unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function\n in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.\n (CVE-2011-0712)\n\n - The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an\n expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by\n reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE\n binary. (CVE-2011-0726)\n\n - Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct\n Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in\n the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and\n consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a\n crafted num_crtcs (aka vb_num) structure member in an ioctl argument. (CVE-2011-1013)\n\n - The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the\n AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1)\n Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. (CVE-2011-1016)\n\n - The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an\n intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN\n capability. 
(CVE-2011-1019)\n\n - The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37\n does not initialize a certain response buffer, which allows local users to obtain potentially sensitive\n information from kernel memory via vectors that cause this buffer to be only partially filled, a different\n vulnerability than CVE-2010-4649. (CVE-2011-1044)\n\n - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not\n ensure that a certain device field ends with a '\\0' character, which allows local users to obtain\n potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system\n crash), via a BNEPCONNADD command. (CVE-2011-1079)\n\n - The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not\n ensure that a certain name field ends with a '\\0' character, which allows local users to obtain\n potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to\n replace a table, and then reading a modprobe command line. (CVE-2011-1080)\n\n - The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP)\n implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint,\n which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending\n a DCCP-Close packet followed by a DCCP-Reset packet. 
(CVE-2011-1093)\n\n - net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used,\n does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT\n ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.\n (CVE-2011-1573)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-2015.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1013\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.15.el5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-100.28.15.el5debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-100.28.15.el5', '2.6.32-100.28.15.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-2015');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-100.28.15.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-100.28.15.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-100.28.15.el5', 'cpu':'x86_64', 
'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-100.28.15.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-100.28.15.el5', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-100.28.15.el5', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-100.28.15.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-100.28.15.el5-1.5.1-4.0.28', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-100.28.15.el5debug-1.5.1-4.0.28', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-100.28.15.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-100.28.15.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-100.28.15.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-100.28.15.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-100.28.15.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-100.28.15.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-100.28.15.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'}\n];\n\nvar 
flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:27:41", "description": "It was discovered that the Stream 
Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. 
(CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. 
(CVE-2011-3363)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "USN-1241-1 : linux-fsl-imx51 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2695", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3363"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56640", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1241-1. 
It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56640);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_xref(name:\"USN\", value:\"1241-1\");\n\n script_name(english:\"USN-1241-1 : linux-fsl-imx51 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the Stream Control Transmission Protocol\n(SCTP) implementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain\nVLAN packets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. 
(CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for\nconfiguration files in the current directory. 
If a privileged user\nwere tricked into running perf in a directory containing a malicious\nconfiguration file, an attacker could run arbitrary commands and\npossibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. 
(CVE-2011-3363)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.31-611-imx51\", pkgver:\"2.6.31-611.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:51:08", "description": "From Red Hat Security Advisory 2011:0918 :\n\nUpdated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate 
security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)\n\nUsers of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 / 6 : curl (ELSA-2011-0918)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:curl", "p-cpe:/a:oracle:linux:curl-devel", "p-cpe:/a:oracle:linux:libcurl", "p-cpe:/a:oracle:linux:libcurl-devel", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-0918.NASL", "href": "https://www.tenable.com/plugins/nessus/68300", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0918 
and \n# Oracle Linux Security Advisory ELSA-2011-0918 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68300);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2192\");\n script_bugtraq_id(48434);\n script_xref(name:\"RHSA\", value:\"2011:0918\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : curl (ELSA-2011-0918)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0918 :\n\nUpdated curl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that cURL always performed credential delegation when\nauthenticating with GSSAPI. A rogue server could use this flaw to\nobtain the client's credentials and impersonate that client to other\nservers that are using GSSAPI. (CVE-2011-2192)\n\nUsers of curl should upgrade to these updated packages, which contain\na backported patch to correct this issue. 
All running applications\nusing libcurl must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002219.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002220.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"curl-7.12.1-17.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"curl-devel-7.12.1-17.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"curl-7.15.5-9.el5_6.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"curl-devel-7.15.5-9.el5_6.3\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"curl-7.19.7-26.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libcurl-7.19.7-26.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libcurl-devel-7.19.7-26.el6_1.1\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-devel / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:33:51", "description": "Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)\n\nUsers of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. 
All running applications using libcurl must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-07-06T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : curl (CESA-2011:0918)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:curl-devel", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0918.NASL", "href": "https://www.tenable.com/plugins/nessus/55515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0918 and \n# CentOS Errata and Security Advisory 2011:0918 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55515);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2192\");\n script_bugtraq_id(48434);\n script_xref(name:\"RHSA\", value:\"2011:0918\");\n\n script_name(english:\"CentOS 4 / 5 : curl (CESA-2011:0918)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages that fix one security 
issue are now available\nfor Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that cURL always performed credential delegation when\nauthenticating with GSSAPI. A rogue server could use this flaw to\nobtain the client's credentials and impersonate that client to other\nservers that are using GSSAPI. (CVE-2011-2192)\n\nUsers of curl should upgrade to these updated packages, which contain\na backported patch to correct this issue. All running applications\nusing libcurl must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0125226\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9bd496c4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-July/017641.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d738b6a8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-July/017642.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28ddfee8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"curl-7.12.1-17.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"curl-7.12.1-17.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"curl-devel-7.12.1-17.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"curl-devel-7.12.1-17.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"curl-7.15.5-9.el5_6.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"curl-devel-7.15.5-9.el5_6.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:34:09", "description": "do not delegate GSSAPI credentials (CVE-2011-2192)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-05T00:00:00", "type": "nessus", "title": "Fedora 14 : curl-7.21.0-8.fc14 (2011-8640)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-8640.NASL", "href": "https://www.tenable.com/plugins/nessus/55497", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8640.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55497);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2192\");\n script_bugtraq_id(48434);\n script_xref(name:\"FEDORA\", value:\"2011-8640\");\n\n script_name(english:\"Fedora 14 : curl-7.21.0-8.fc14 (2011-8640)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"do not delegate GSSAPI credentials (CVE-2011-2192)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block 
directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=711454\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d367cf90\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"curl-7.21.0-8.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:34:05", "description": "Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)\n\nUsers of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-07-06T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : curl (RHSA-2011:0918)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:curl-devel", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-0918.NASL", "href": 
"https://www.tenable.com/plugins/nessus/55519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0918. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55519);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2192\");\n script_bugtraq_id(48434);\n script_xref(name:\"RHSA\", value:\"2011:0918\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : curl (RHSA-2011:0918)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that cURL always performed credential delegation when\nauthenticating with GSSAPI. A rogue server could use this flaw to\nobtain the client's credentials and impersonate that client to other\nservers that are using GSSAPI. (CVE-2011-2192)\n\nUsers of curl should upgrade to these updated packages, which contain\na backported patch to correct this issue. 
All running applications\nusing libcurl must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2192\"\n );\n # http://curl.haxx.se/docs/adv_20110623.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2011-2192.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0918\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0918\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"curl-7.12.1-17.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"curl-devel-7.12.1-17.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"curl-7.15.5-9.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"curl-devel-7.15.5-9.el5_6.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"curl-7.19.7-26.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"curl-7.19.7-26.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"curl-7.19.7-26.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"curl-debuginfo-7.19.7-26.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libcurl-7.19.7-26.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libcurl-devel-7.19.7-26.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-devel / libcurl / libcurl-devel\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:34:22", "description": "A vulnerability was discovered and corrected in curl :\n\nThe Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests (CVE-2011-2192).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2011-07-25T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : curl (MDVSA-2011:116)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:curl", "p-cpe:/a:mandriva:linux:curl-examples", "p-cpe:/a:mandriva:linux:lib64curl-devel", "p-cpe:/a:mandriva:linux:lib64curl4", "p-cpe:/a:mandriva:linux:libcurl-devel", "p-cpe:/a:mandriva:linux:libcurl4", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-116.NASL", "href": 
"https://www.tenable.com/plugins/nessus/55664", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:116. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55664);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2192\");\n script_bugtraq_id(48434);\n script_xref(name:\"MDVSA\", value:\"2011:116\");\n\n script_name(english:\"Mandriva Linux Security Advisory : curl (MDVSA-2011:116)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in curl :\n\nThe Curl_input_negotiate function in http_negotiate.c in libcurl\n7.10.6 through 7.21.6, as used in curl and other products, always\nperforms credential delegation during GSSAPI authentication, which\nallows remote servers to impersonate clients via GSSAPI requests\n(CVE-2011-2192).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"curl-7.19.0-2.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"curl-examples-7.19.0-2.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.19.0-2.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64curl4-7.19.0-2.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libcurl-devel-7.19.0-2.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libcurl4-7.19.0-2.5mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"curl-7.20.1-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"curl-examples-7.20.1-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.20.1-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64curl4-7.20.1-2.1mdv2010.2\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libcurl-devel-7.20.1-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libcurl4-7.20.1-2.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:34:28", "description": "Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a very sensitive operation, which should only be done when the user explicitly so directs.", "cvss3": {}, "published": "2011-07-05T00:00:00", "type": "nessus", "title": "Debian DSA-2271-1 : curl - improper delegation of client credentials", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2271.NASL", "href": "https://www.tenable.com/plugins/nessus/55491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were \n# extracted from Debian Security Advisory DSA-2271. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55491);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2192\");\n script_xref(name:\"DSA\", value:\"2271\");\n\n script_name(english:\"Debian DSA-2271-1 : curl - improper delegation of client credentials\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Richard Silverman discovered that when doing GSSAPI authentication,\nlibcurl unconditionally performs credential delegation. This hands the\nserver a copy of the client's security credentials, allowing the\nserver to impersonate the client to any other using the same GSSAPI\nmechanism. 
This is obviously a very sensitive operation, which should\nonly be done when the user explicitly so directs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2271\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"curl\", reference:\"7.18.2-8lenny5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"curl\", reference:\"7.21.0-2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3\", reference:\"7.21.0-2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3-dbg\", reference:\"7.21.0-2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3-gnutls\", reference:\"7.21.0-2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.21.0-2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.21.0-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:33:23", "description": "do not delegate GSSAPI credentials (CVE-2011-2192)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-06-27T00:00:00", "type": "nessus", "title": "Fedora 15 : curl-7.21.3-8.fc15 (2011-8586)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-8586.NASL", "href": "https://www.tenable.com/plugins/nessus/55426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8586.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55426);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2192\");\n script_xref(name:\"FEDORA\", value:\"2011-8586\");\n\n script_name(english:\"Fedora 15 : curl-7.21.3-8.fc15 (2011-8586)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"do not delegate GSSAPI credentials (CVE-2011-2192)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security 
advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=711454\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1105ec23\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"curl-7.21.3-8.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-18T14:31:24", "description": "This update of curl disables GSSAPI to workaround CVE-2011-2192 (bnc#698796).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-SU-2012:0199-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", 
"cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_CURL-120131.NASL", "href": "https://www.tenable.com/plugins/nessus/75807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update curl-5737.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75807);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2192\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-SU-2012:0199-1)\");\n script_summary(english:\"Check for the curl-5737 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of curl disables GSSAPI to workaround CVE-2011-2192\n(bnc#698796).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00001.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"curl-7.21.2-10.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"curl-debuginfo-7.21.2-10.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libcurl-devel-7.21.2-10.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libcurl4-7.21.2-10.13.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"libcurl4-debuginfo-7.21.2-10.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.21.2-10.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.21.2-10.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl-devel / libcurl4 / libcurl4-32bit / curl-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-18T14:29:30", "description": "cURL reports :\n\nWhen doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism.", "cvss3": {}, "published": "2014-04-16T00:00:00", "type": "nessus", "title": "FreeBSD : cURL -- inappropriate GSSAPI delegation (9aecb94c-c1ad-11e3-a5ac-001b21614864)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "p-cpe:/a:freebsd:freebsd:linux-f10-curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9AECB94CC1AD11E3A5AC001B21614864.NASL", "href": 
"https://www.tenable.com/plugins/nessus/73551", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73551);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2192\");\n\n script_name(english:\"FreeBSD : cURL -- inappropriate GSSAPI delegation (9aecb94c-c1ad-11e3-a5ac-001b21614864)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"cURL reports :\n\nWhen doing GSSAPI authentication, libcurl unconditionally performs\ncredential delegation. 
This hands the server a copy of the client's\nsecurity credentials, allowing the server to impersonate the client to\nany other using the same GSSAPI mechanism.\"\n );\n # http://curl.haxx.se/docs/adv_20110623.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2011-2192.html\"\n );\n # https://vuxml.freebsd.org/freebsd/9aecb94c-c1ad-11e3-a5ac-001b21614864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?930c9c70\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl>=7.10.6<=7.21.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-curl>=7.10.6<=7.21.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:47:59", "description": "It was reported that the application always performs credential delegation when authenticating with GSSAPI. A rouge server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. 
(CVE-2011-2192)\n\nAffected versions include versions 7.10.6 through 7.21.6.\n \nIAVA Reference : 2012-A-0020\nSTIG Finding Severity : Category I", "cvss3": {}, "published": "2013-07-03T00:00:00", "type": "nessus", "title": "cURL/libcURL GSS/Negotiate Feature Spoofing Security Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2013-07-03T00:00:00", "cpe": [], "id": "801392.PRM", "href": "https://www.tenable.com/plugins/lce/801392", "sourceData": "Binary data 801392.prm", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:27:03", "description": "cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. 
(CVE-2011-2192)\n\nAll running applications using libcurl must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : curl on SL4.x, SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110705_CURL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61078", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61078);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2192\");\n\n script_name(english:\"Scientific Linux Security Update : curl on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"cURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that cURL always performed credential delegation when\nauthenticating 
with GSSAPI. A rogue server could use this flaw to\nobtain the client's credentials and impersonate that client to other\nservers that are using GSSAPI. (CVE-2011-2192)\n\nAll running applications using libcurl must be restarted for the\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=296\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63bba701\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"curl-7.12.1-17.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"curl-devel-7.12.1-17.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"curl-7.15.5-9.el5_6.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"curl-devel-7.15.5-9.el5_6.3\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"curl-7.19.7-26.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libcurl-7.19.7-26.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libcurl-devel-7.19.7-26.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:47:59", "description": "It was reported that the application always performs credential delegation when authenticating with GSSAPI. 
A rouge server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)\n\nAffected versions include versions 7.10.6 through 7.21.6.", "cvss3": {}, "published": "2013-07-03T00:00:00", "type": "nessus", "title": "cURL/libcURL GSS/Negotiate Feature Spoofing", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2192"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:curl:curl:*:*:*:*:*:*:*:*"], "id": "6904.PRM", "href": "https://www.tenable.com/plugins/nnm/6904", "sourceData": "Binary data 6904.prm", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-16T14:36:01", "description": "Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017)\n\nNeil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. (CVE-2011-1090)\n\nTimo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. 
(CVE-2011-1163)\n\nDan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746)\n\nDan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759)\n\nDan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. 
(CVE-2011-1776)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-07-18T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1168-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1017", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1593", "CVE-2011-1598", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1747", "CVE-2011-1748", "CVE-2011-1759", "CVE-2011-1770", "CVE-2011-1776", "CVE-2011-2022", "CVE-2011-3363"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1168-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55606", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1168-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55606);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1017\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1747\", \"CVE-2011-1748\", \"CVE-2011-1759\", \"CVE-2011-1770\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-3363\");\n script_bugtraq_id(46512, 46766, 46878, 47185, 47497, 47503, 47534, 47535, 47769, 47832, 47835, 47843);\n script_xref(name:\"USN\", value:\"1168-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1168-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Timo Warns discovered that the LDM disk partition handling code did\nnot correctly handle certain values. 
By inserting a specially crafted\ndisk device, a local attacker could exploit this to gain root\nprivileges. (CVE-2011-1017)\n\nNeil Horman discovered that NFSv4 did not correctly handle certain\norders of operation with ACL data. A remote attacker with access to an\nNFSv4 mount could exploit this to crash the system, leading to a\ndenial of service. (CVE-2011-1090)\n\nTimo Warns discovered that OSF partition parsing routines did not\ncorrectly clear memory. A local attacker with physical access could\nplug in a specially crafted block device to read kernel memory,\nleading to a loss of privacy. (CVE-2011-1163)\n\nDan Rosenberg discovered that MPT devices did not correctly validate\ncertain values in ioctl calls. If these drivers were loaded, a local\nattacker could exploit this to read arbitrary kernel memory, leading\nto a loss of privacy. (CVE-2011-1494, CVE-2011-1495)\n\nTavis Ormandy discovered that the pidmap function did not correctly\nhandle large requests. A local attacker could exploit this to crash\nthe system, leading to a denial of service. (CVE-2011-1593)\n\nOliver Hartkopp and Dave Jones discovered that the CAN network driver\ndid not correctly validate certain socket structures. If this driver\nwas loaded, a local attacker could crash the system, leading to a\ndenial of service. (CVE-2011-1598, CVE-2011-1748)\n\nVasiliy Kulikov discovered that the AGP driver did not check certain\nioctl values. A local attacker with access to the video subsystem\ncould exploit this to crash the system, leading to a denial of\nservice, or possibly gain root privileges. (CVE-2011-1745,\nCVE-2011-2022)\n\nVasiliy Kulikov discovered that the AGP driver did not check the size\nof certain memory allocations. A local attacker with access to the\nvideo subsystem could exploit this to run the system out of memory,\nleading to a denial of service. (CVE-2011-1746)\n\nDan Rosenberg reported an error in the old ABI compatibility layer of\nARM kernels. 
A local attacker could exploit this flaw to cause a\ndenial of service or gain root privileges. (CVE-2011-1759)\n\nDan Rosenberg discovered that the DCCP stack did not correctly handle\ncertain packet structures. A remote attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-1770)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1168-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1017\", \"CVE-2011-1090\", \"CVE-2011-1163\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1593\", \"CVE-2011-1598\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1747\", \"CVE-2011-1748\", \"CVE-2011-1759\", \"CVE-2011-1770\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-3363\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1168-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-33-386\", pkgver:\"2.6.32-33.70\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-33-generic\", pkgver:\"2.6.32-33.70\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-33-generic-pae\", pkgver:\"2.6.32-33.70\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-33-lpia\", pkgver:\"2.6.32-33.70\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-33-preempt\", pkgver:\"2.6.32-33.70\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-33-server\", pkgver:\"2.6.32-33.70\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-33-versatile\", pkgver:\"2.6.32-33.70\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-33-virtual\", pkgver:\"2.6.32-33.70\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:35:50", "description": "Updated libvirt packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially crafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update fixes the following bugs :\n\n* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat Enterprise Linux 5.6. A code audit found a minor API change that affected error messages seen by libvirt 0.8.2 clients talking to libvirt 0.7.1 - 0.7.7 (0.7.x) servers. A libvirt 0.7.x server could send VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client expected VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a libvirt 0.8.2 client saw a 'Timed out during operation' message where it should see an 'Invalid network filter' error. This update adds a backported patch that allows libvirt 0.8.2 clients to interoperate with the API as used by libvirt 0.7.x servers, ensuring correct error messages are sent. (BZ#665075)\n\n* libvirt could crash if the maximum number of open file descriptors (_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it accessed file descriptors outside the bounds of the set. 
With this update the maximum number of open file descriptors can no longer grow larger than the FD_SETSIZE value. (BZ#665549)\n\n* A libvirt race condition was found. An array in the libvirt event handlers was accessed with a lock temporarily released. In rare cases, if one thread attempted to access this array but a second thread reallocated the array before the first thread reacquired a lock, it could lead to the first thread attempting to access freed memory, potentially causing libvirt to crash. With this update libvirt no longer refers to the old array and, consequently, behaves as expected.\n(BZ#671569)\n\n* Guests connected to a passthrough NIC would kernel panic if a system_reset signal was sent through the QEMU monitor. With this update you can reset such guests as expected. (BZ#689880)\n\n* When using the Xen kernel, the rpmbuild command failed on the xencapstest test. With this update you can run rpmbuild successfully when using the Xen kernel. (BZ#690459)\n\n* When a disk was hot unplugged, 'ret >= 0' was passed to the qemuAuditDisk calls in disk hotunplug operations before ret was, in fact, set to 0. As well, the error path jumped to the 'cleanup' label prematurely. As a consequence, hotunplug failures were not audited and hotunplug successes were audited as failures. This was corrected and hot unplugging checks now behave as expected. (BZ#710151)\n\n* A conflict existed between filter update locking sequences and virtual machine startup locking sequences. When a filter update occurred on one or more virtual machines, a deadlock could consequently occur if a virtual machine referencing a filter was started. This update changes and makes more flexible several qemu locking sequences ensuring this deadlock no longer occurs. (BZ#697749)\n\n* qemudDomainSaveImageStartVM closed some incoming file descriptor (fd) arguments without informing the caller. The consequent double-closes could cause Domain restoration failure. 
This update alters the qemudDomainSaveImageStartVM signature to prevent the double-closes. (BZ#681623)\n\nThis update also adds the following enhancements :\n\n* The libvirt Xen driver now supports more than one serial port.\n(BZ#670789)\n\n* Enabling and disabling the High Precision Event Timer (HPET) in Xen domains is now possible. (BZ#703193)\n\nAll libvirt users should install this update which addresses this vulnerability, fixes these bugs and adds these enhancements. After installing the updated packages, libvirtd must be restarted ('service libvirtd restart') for this update to take effect.", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : libvirt (CESA-2011:1019)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libvirt", "p-cpe:/a:centos:centos:libvirt-devel", "p-cpe:/a:centos:centos:libvirt-python", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1019.NASL", "href": "https://www.tenable.com/plugins/nessus/56264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1019 and \n# CentOS Errata and Security Advisory 2011:1019 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56264);\n script_version(\"1.15\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2511\");\n script_bugtraq_id(48478);\n script_xref(name:\"RHSA\", value:\"2011:1019\");\n\n script_name(english:\"CentOS 5 : libvirt (CESA-2011:1019)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libvirt packages that fix one security issue, several bugs and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libvirt library is a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An\nattacker able to establish read-only connections to libvirtd could\ntrigger this flaw by calling virDomainGetVcpus() with specially\ncrafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update fixes the following bugs :\n\n* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat\nEnterprise Linux 5.6. A code audit found a minor API change that\neffected error messages seen by libvirt 0.8.2 clients talking to\nlibvirt 0.7.1 - 0.7.7 (0.7.x) servers. A libvirt 0.7.x server could\nsend VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client\nexpected VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a\nlibvirt 0.8.2 client saw a 'Timed out during operation' message where\nit should see an 'Invalid network filter' error. 
This update adds a\nbackported patch that allows libvirt 0.8.2 clients to interoperate\nwith the API as used by libvirt 0.7.x servers, ensuring correct error\nmessages are sent. (BZ#665075)\n\n* libvirt could crash if the maximum number of open file descriptors\n(_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it\naccessed file descriptors outside the bounds of the set. With this\nupdate the maximum number of open file descriptors can no longer grow\nlarger than the FD_SETSIZE value. (BZ#665549)\n\n* A libvirt race condition was found. An array in the libvirt event\nhandlers was accessed with a lock temporarily released. In rare cases,\nif one thread attempted to access this array but a second thread\nreallocated the array before the first thread reacquired a lock, it\ncould lead to the first thread attempting to access freed memory,\npotentially causing libvirt to crash. With this update libvirt no\nlonger refers to the old array and, consequently, behaves as expected.\n(BZ#671569)\n\n* Guests connected to a passthrough NIC would kernel panic if a\nsystem_reset signal was sent through the QEMU monitor. With this\nupdate you can reset such guests as expected. (BZ#689880)\n\n* When using the Xen kernel, the rpmbuild command failed on the\nxencapstest test. With this update you can run rpmbuild successfully\nwhen using the Xen kernel. (BZ#690459)\n\n* When a disk was hot unplugged, 'ret >= 0' was passed to the\nqemuAuditDisk calls in disk hotunplug operations before ret was, in\nfact, set to 0. As well, the error path jumped to the 'cleanup' label\nprematurely. As a consequence, hotunplug failures were not audited and\nhotunplug successes were audited as failures. This was corrected and\nhot unplugging checks now behave as expected. (BZ#710151)\n\n* A conflict existed between filter update locking sequences and\nvirtual machine startup locking sequences. 
When a filter update\noccurred on one or more virtual machines, a deadlock could\nconsequently occur if a virtual machine referencing a filter was\nstarted. This update changes and makes more flexible several qemu\nlocking sequences ensuring this deadlock no longer occurs. (BZ#697749)\n\n* qemudDomainSaveImageStartVM closed some incoming file descriptor\n(fd) arguments without informing the caller. The consequent\ndouble-closes could cause Domain restoration failure. This update\nalters the qemudDomainSaveImageStartVM signature to prevent the\ndouble-closes. (BZ#681623)\n\nThis update also adds the following enhancements :\n\n* The libvirt Xen driver now supports more than one serial port.\n(BZ#670789)\n\n* Enabling and disabling the High Precision Event Timer (HPET) in Xen\ndomains is now possible. (BZ#703193)\n\nAll libvirt users should install this update which addresses this\nvulnerability, fixes these bugs and adds these enhancements. After\ninstalling the updated packages, libvirtd must be restarted ('service\nlibvirtd restart') for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017880.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c493068e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4748c16\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4dae684f\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e1882ef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libvirt-0.8.2-22.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libvirt-devel-0.8.2-22.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libvirt-python-0.8.2-22.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-devel / libvirt-python\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:38:01", "description": "Updated libvirt packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially crafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update fixes the following bugs :\n\n* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat Enterprise Linux 5.6. A code audit found a minor API change that affected error messages seen by libvirt 0.8.2 clients talking to libvirt 0.7.1 - 0.7.7 (0.7.x) servers. A libvirt 0.7.x server could send VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client expected VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a libvirt 0.8.2 client saw a 'Timed out during operation' message where it should see an 'Invalid network filter' error. This update adds a backported patch that allows libvirt 0.8.2 clients to interoperate with the API as used by libvirt 0.7.x servers, ensuring correct error messages are sent. (BZ#665075)\n\n* libvirt could crash if the maximum number of open file descriptors (_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it accessed file descriptors outside the bounds of the set. With this update the maximum number of open file descriptors can no longer grow larger than the FD_SETSIZE value. (BZ#665549)\n\n* A libvirt race condition was found. An array in the libvirt event handlers was accessed with a lock temporarily released. 
In rare cases, if one thread attempted to access this array but a second thread reallocated the array before the first thread reacquired a lock, it could lead to the first thread attempting to access freed memory, potentially causing libvirt to crash. With this update libvirt no longer refers to the old array and, consequently, behaves as expected.\n(BZ#671569)\n\n* Guests connected to a passthrough NIC would kernel panic if a system_reset signal was sent through the QEMU monitor. With this update you can reset such guests as expected. (BZ#689880)\n\n* When using the Xen kernel, the rpmbuild command failed on the xencapstest test. With this update you can run rpmbuild successfully when using the Xen kernel. (BZ#690459)\n\n* When a disk was hot unplugged, 'ret >= 0' was passed to the qemuAuditDisk calls in disk hotunplug operations before ret was, in fact, set to 0. As well, the error path jumped to the 'cleanup' label prematurely. As a consequence, hotunplug failures were not audited and hotunplug successes were audited as failures. This was corrected and hot unplugging checks now behave as expected. (BZ#710151)\n\n* A conflict existed between filter update locking sequences and virtual machine startup locking sequences. When a filter update occurred on one or more virtual machines, a deadlock could consequently occur if a virtual machine referencing a filter was started. This update changes and makes more flexible several qemu locking sequences ensuring this deadlock no longer occurs. (BZ#697749)\n\n* qemudDomainSaveImageStartVM closed some incoming file descriptor (fd) arguments without informing the caller. The consequent double-closes could cause Domain restoration failure. This update alters the qemudDomainSaveImageStartVM signature to prevent the double-closes. 
(BZ#681623)\n\nThis update also adds the following enhancements :\n\n* The libvirt Xen driver now supports more than one serial port.\n(BZ#670789)\n\n* Enabling and disabling the High Precision Event Timer (HPET) in Xen domains is now possible. (BZ#703193)\n\nAll libvirt users should install this update which addresses this vulnerability, fixes these bugs and adds these enhancements. After installing the updated packages, libvirtd must be restarted ('service libvirtd restart') for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : libvirt (RHSA-2011:1019)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-python", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1019.NASL", "href": "https://www.tenable.com/plugins/nessus/63993", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1019. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63993);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2511\");\n script_bugtraq_id(48478);\n script_xref(name:\"RHSA\", value:\"2011:1019\");\n\n script_name(english:\"RHEL 5 : libvirt (RHSA-2011:1019)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libvirt packages that fix one security issue, several bugs and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libvirt library is a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An\nattacker able to establish read-only connections to libvirtd could\ntrigger this flaw by calling virDomainGetVcpus() with specially\ncrafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update fixes the following bugs :\n\n* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat\nEnterprise Linux 5.6. A code audit found a minor API change that\neffected error messages seen by libvirt 0.8.2 clients talking to\nlibvirt 0.7.1 - 0.7.7 (0.7.x) servers. A libvirt 0.7.x server could\nsend VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client\nexpected VIR_ERR_CONFIG_UNSUPPORTED errors. 
In other circumstances, a\nlibvirt 0.8.2 client saw a 'Timed out during operation' message where\nit should see an 'Invalid network filter' error. This update adds a\nbackported patch that allows libvirt 0.8.2 clients to interoperate\nwith the API as used by libvirt 0.7.x servers, ensuring correct error\nmessages are sent. (BZ#665075)\n\n* libvirt could crash if the maximum number of open file descriptors\n(_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it\naccessed file descriptors outside the bounds of the set. With this\nupdate the maximum number of open file descriptors can no longer grow\nlarger than the FD_SETSIZE value. (BZ#665549)\n\n* A libvirt race condition was found. An array in the libvirt event\nhandlers was accessed with a lock temporarily released. In rare cases,\nif one thread attempted to access this array but a second thread\nreallocated the array before the first thread reacquired a lock, it\ncould lead to the first thread attempting to access freed memory,\npotentially causing libvirt to crash. With this update libvirt no\nlonger refers to the old array and, consequently, behaves as expected.\n(BZ#671569)\n\n* Guests connected to a passthrough NIC would kernel panic if a\nsystem_reset signal was sent through the QEMU monitor. With this\nupdate you can reset such guests as expected. (BZ#689880)\n\n* When using the Xen kernel, the rpmbuild command failed on the\nxencapstest test. With this update you can run rpmbuild successfully\nwhen using the Xen kernel. (BZ#690459)\n\n* When a disk was hot unplugged, 'ret >= 0' was passed to the\nqemuAuditDisk calls in disk hotunplug operations before ret was, in\nfact, set to 0. As well, the error path jumped to the 'cleanup' label\nprematurely. As a consequence, hotunplug failures were not audited and\nhotunplug successes were audited as failures. This was corrected and\nhot unplugging checks now behave as expected. 
(BZ#710151)\n\n* A conflict existed between filter update locking sequences and\nvirtual machine startup locking sequences. When a filter update\noccurred on one or more virtual machines, a deadlock could\nconsequently occur if a virtual machine referencing a filter was\nstarted. This update changes and makes more flexible several qemu\nlocking sequences ensuring this deadlock no longer occurs. (BZ#697749)\n\n* qemudDomainSaveImageStartVM closed some incoming file descriptor\n(fd) arguments without informing the caller. The consequent\ndouble-closes could cause Domain restoration failure. This update\nalters the qemudDomainSaveImageStartVM signature to prevent the\ndouble-closes. (BZ#681623)\n\nThis update also adds the following enhancements :\n\n* The libvirt Xen driver now supports more than one serial port.\n(BZ#670789)\n\n* Enabling and disabling the High Precision Event Timer (HPET) in Xen\ndomains is now possible. (BZ#703193)\n\nAll libvirt users should install this update which addresses this\nvulnerability, fixes these bugs and adds these enhancements. 
After\ninstalling the updated packages, libvirtd must be restarted ('service\nlibvirtd restart') for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1019\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvirt, libvirt-devel and / or libvirt-python\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1019\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libvirt-0.8.2-22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libvirt-0.8.2-22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libvirt-devel-0.8.2-22.el5\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libvirt-devel-0.8.2-22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libvirt-python-0.8.2-22.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libvirt-python-0.8.2-22.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-devel / libvirt-python\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:39:46", "description": "libvirtd could crash if bogus parameters were passed to the VirDomainGetVcpus call. (CVE-2011-2511)", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : libvirt (ZYPP Patch Number 7616)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBVIRT-7616.NASL", "href": "https://www.tenable.com/plugins/nessus/57222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57222);\n script_version(\"1.5\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2511\");\n\n script_name(english:\"SuSE 10 Security Update : libvirt (ZYPP Patch Number 7616)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvirtd could crash if bogus parameters where passed to the\nVirDomainGetVcpus call. (CVE-2011-2511)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2511.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7616.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif 
(isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libvirt-0.3.3-18.22.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libvirt-python-0.3.3-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libvirt-0.3.3-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libvirt-devel-0.3.3-18.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libvirt-python-0.3.3-18.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:34:56", "description": "Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially crafted parameters, causing libvirtd to crash. 
(CVE-2011-2511)\n\nThis update also fixes the following bugs :\n\n* Previously, when the 'virsh vol-create-from' command was run on an LVM (Logical Volume Manager) storage pool, performance of the command was very low and the operation consumed an excessive amount of time.\nThis bug has been fixed in the virStorageVolCreateXMLFrom() function, and the performance problem of the command no longer occurs.\n\n* Due to a regression, libvirt used undocumented command line options, instead of the recommended ones. Consequently, the qemu-img utility used an invalid argument while creating an encrypted volume, and the process eventually failed. With this update, the bug in the backing format of the storage back end has been fixed, and encrypted volumes can now be created as expected. (BZ#726617)\n\n* Due to a bug in the qemuAuditDisk() function, hot unplug failures were never audited, and a hot unplug success was audited as a failure.\nThis bug has been fixed, and auditing of disk hot unplug operations now works as expected. (BZ#728516)\n\n* Previously, when a debug process was being activated, the act of preparing a debug message ended up with dereferencing a UUID (universally unique identifier) prior to the NULL argument check.\nConsequently, an API running the debug process sometimes terminated with a segmentation fault. With this update, a patch has been provided to address this issue, and the crashes no longer occur in the described scenario. (BZ#728546)\n\n* The libvirt library uses the 'boot=on' option to mark which disk is bootable but it only uses that option if Qemu advertises its support.\nThe qemu-kvm utility in Red Hat Enterprise Linux 6.1 removed support for that option and libvirt could not use it. 
As a consequence, when an IDE disk was added as the second storage with a virtio disk being set up as the first one by default, the operating system tried to boot from the IDE disk rather than the virtio disk and either failed to boot with the 'No bootable disk' error message returned, or the system booted whatever operating system was on the IDE disk. With this update, the boot configuration is translated into bootindex, which provides control over which device is used for booting a guest operating system, thus fixing this bug.\n\nAll users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd must be restarted ('service libvirtd restart') for this update to take effect.", "cvss3": {}, "published": "2011-08-24T00:00:00", "type": "nessus", "title": "RHEL 6 : libvirt (RHSA-2011:1197)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel", "p-cpe:/a:redhat:enterprise_linux:libvirt-python", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/55966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1197. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55966);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2511\");\n script_bugtraq_id(48478);\n script_xref(name:\"RHSA\", value:\"2011:1197\");\n\n script_name(english:\"RHEL 6 : libvirt (RHSA-2011:1197)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libvirt packages that fix one security issue and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libvirt library is a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remotely managing virtualized\nsystems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An\nattacker able to establish read-only connections to libvirtd could\ntrigger this flaw by calling virDomainGetVcpus() with specially\ncrafted parameters, causing libvirtd to crash. 
(CVE-2011-2511)\n\nThis update also fixes the following bugs :\n\n* Previously, when the 'virsh vol-create-from' command was run on an\nLVM (Logical Volume Manager) storage pool, performance of the command\nwas very low and the operation consumed an excessive amount of time.\nThis bug has been fixed in the virStorageVolCreateXMLFrom() function,\nand the performance problem of the command no longer occurs.\n\n* Due to a regression, libvirt used undocumented command line options,\ninstead of the recommended ones. Consequently, the qemu-img utility\nused an invalid argument while creating an encrypted volume, and the\nprocess eventually failed. With this update, the bug in the backing\nformat of the storage back end has been fixed, and encrypted volumes\ncan now be created as expected. (BZ#726617)\n\n* Due to a bug in the qemuAuditDisk() function, hot unplug failures\nwere never audited, and a hot unplug success was audited as a failure.\nThis bug has been fixed, and auditing of disk hot unplug operations\nnow works as expected. (BZ#728516)\n\n* Previously, when a debug process was being activated, the act of\npreparing a debug message ended up with dereferencing a UUID\n(universally unique identifier) prior to the NULL argument check.\nConsequently, an API running the debug process sometimes terminated\nwith a segmentation fault. With this update, a patch has been provided\nto address this issue, and the crashes no longer occur in the\ndescribed scenario. (BZ#728546)\n\n* The libvirt library uses the 'boot=on' option to mark which disk is\nbootable but it only uses that option if Qemu advertises its support.\nThe qemu-kvm utility in Red Hat Enterprise Linux 6.1 removed support\nfor that option and libvirt could not use it. 
As a consequence, when\nan IDE disk was added as the second storage with a virtio disk being\nset up as the first one by default, the operating system tried to boot\nfrom the IDE disk rather than the virtio disk and either failed to\nboot with the 'No bootable disk' error message returned, or the system\nbooted whatever operating system was on the IDE disk. With this\nupdate, the boot configuration is translated into bootindex, which\nprovides control over which device is used for booting a guest\noperating system, thus fixing this bug.\n\nAll users of libvirt are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling the updated packages, libvirtd must be restarted ('service\nlibvirtd restart') for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1197\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1197\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libvirt-0.8.7-18.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libvirt-0.8.7-18.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libvirt-0.8.7-18.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libvirt-client-0.8.7-18.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libvirt-debuginfo-0.8.7-18.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libvirt-devel-0.8.7-18.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libvirt-python-0.8.7-18.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libvirt-python-0.8.7-18.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libvirt-python-0.8.7-18.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-debuginfo / libvirt-devel / etc\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:35:08", "description": "libvirtd could crash if bogus parameters were passed to the VirDomainGetVcpus call. (CVE-2011-2511)", "cvss3": {}, "published": "2011-08-15T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : libvirt (ZYPP Patch Number 7613)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBVIRT-7613.NASL", "href": "https://www.tenable.com/plugins/nessus/55850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55850);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2511\");\n\n script_name(english:\"SuSE 10 Security Update : libvirt (ZYPP Patch Number 7613)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", 
\n value:\n\"libvirtd could crash if bogus parameters where passed to the\nVirDomainGetVcpus call. (CVE-2011-2511)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2511.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7613.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libvirt-0.3.3-18.20.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libvirt-devel-0.3.3-18.20.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, 
reference:\"libvirt-python-0.3.3-18.20.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:34:20", "description": "Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-29T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : libvirt vulnerability (USN-1180-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libvirt-bin", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1180-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55730", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1180-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55730);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2511\");\n script_bugtraq_id(48478);\n script_xref(name:\"USN\", value:\"1180-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : libvirt vulnerability (USN-1180-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Eric Blake discovered an integer overflow flaw in libvirt. A remote\nauthenticated attacker could exploit this by sending a crafted VCPU\nRPC call and cause a denial of service via application crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1180-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt-bin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvirt-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvirt-bin\", pkgver:\"0.7.5-5ubuntu27.16\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libvirt-bin\", pkgver:\"0.8.3-1ubuntu19.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libvirt-bin\", pkgver:\"0.8.8-1ubuntu6.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt-bin\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:34:19", "description": "The following bug was fixed in libvirt :\n\n - libvirtd could crash if bogus parameters where passed to the VirDomainGetVcpus call. 
(CVE-2011-2511)", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libvirt (SAT Patch Number 4870)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libvirt", "p-cpe:/a:novell:suse_linux:11:libvirt-doc", "p-cpe:/a:novell:suse_linux:11:libvirt-python", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBVIRT-110712.NASL", "href": "https://www.tenable.com/plugins/nessus/55696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55696);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2511\");\n\n script_name(english:\"SuSE 11.1 Security Update : libvirt (SAT Patch Number 4870)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bug was fixed in libvirt :\n\n - libvirtd could crash if bogus parameters where passed to\n the VirDomainGetVcpus call. (CVE-2011-2511)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2511.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4870.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libvirt-0.7.6-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libvirt-doc-0.7.6-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libvirt-python-0.7.6-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libvirt-0.7.6-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libvirt-doc-0.7.6-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libvirt-python-0.7.6-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, 
reference:\"libvirt-0.7.6-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libvirt-doc-0.7.6-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libvirt-python-0.7.6-1.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:27:51", "description": "The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially crafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update also fixes the following bugs :\n\n - Previously, when the 'virsh vol-create-from' command was run on an LVM (Logical Volume Manager) storage pool, performance of the command was very low and the operation consumed an excessive amount of time. This bug has been fixed in the virStorageVolCreateXMLFrom() function, and the performance problem of the command no longer occurs.\n\n - Due to a regression, libvirt used undocumented command line options, instead of the recommended ones.\n Consequently, the qemu-img utility used an invalid argument while creating an encrypted volume, and the process eventually failed. With this update, the bug in the backing format of the storage back end has been fixed, and encrypted volumes can now be created as expected.\n\n - Due to a bug in the qemuAuditDisk() function, hot unplug failures were never audited, and a hot unplug success was audited as a failure. 
This bug has been fixed, and auditing of disk hot unplug operations now works as expected.\n\n - Previously, when a debug process was being activated, the act of preparing a debug message ended up with dereferencing a UUID (universally unique identifier) prior to the NULL argument check. Consequently, an API running the debug process sometimes terminated with a segmentation fault. With this update, a patch has been provided to address this issue, and the crashes no longer occur in the described scenario.\n\n - The libvirt library uses the 'boot=on' option to mark which disk is bootable but it only uses that option if Qemu advertises its support. The qemu-kvm utility in Scientific Linux 6.1 removed support for that option and libvirt could not use it. As a consequence, when an IDE disk was added as the second storage with a virtio disk being set up as the first one by default, the operating system tried to boot from the IDE disk rather than the virtio disk and either failed to boot with the 'No bootable disk' error message returned, or the system booted whatever operating system was on the IDE disk.\n With this update, the boot configuration is translated into bootindex, which provides control over which device is used for booting a guest operating system, thus fixing this bug.\n\nAll users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, libvirtd must be restarted ('service libvirtd restart') for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libvirt on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110823_LIBVIRT_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61119);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2511\");\n\n script_name(english:\"Scientific Linux Security Update : libvirt on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libvirt library is a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. 
In\naddition, libvirt provides tools for remotely managing virtualized\nsystems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An\nattacker able to establish read-only connections to libvirtd could\ntrigger this flaw by calling virDomainGetVcpus() with specially\ncrafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update also fixes the following bugs :\n\n - Previously, when the 'virsh vol-create-from' command was\n run on an LVM (Logical Volume Manager) storage pool,\n performance of the command was very low and the\n operation consumed an excessive amount of time. This bug\n has been fixed in the virStorageVolCreateXMLFrom()\n function, and the performance problem of the command no\n longer occurs.\n\n - Due to a regression, libvirt used undocumented command\n line options, instead of the recommended ones.\n Consequently, the qemu-img utility used an invalid\n argument while creating an encrypted volume, and the\n process eventually failed. With this update, the bug in\n the backing format of the storage back end has been\n fixed, and encrypted volumes can now be created as\n expected.\n\n - Due to a bug in the qemuAuditDisk() function, hot unplug\n failures were never audited, and a hot unplug success\n was audited as a failure. This bug has been fixed, and\n auditing of disk hot unplug operations now works as\n expected.\n\n - Previously, when a debug process was being activated,\n the act of preparing a debug message ended up with\n dereferencing a UUID (universally unique identifier)\n prior to the NULL argument check. Consequently, an API\n running the debug process sometimes terminated with a\n segmentation fault. With this update, a patch has been\n provided to address this issue, and the crashes no\n longer occur in the described scenario.\n\n - The libvirt library uses the 'boot=on' option to mark\n which disk is bootable but it only uses that option if\n Qemu advertises its support. 
The qemu-kvm utility in\n Scientific Linux 6.1 removed support for that option and\n libvirt could not use it. As a consequence, when an IDE\n disk was added as the second storage with a virtio disk\n being set up as the first one by default, the operating\n system tried to boot from the IDE disk rather than the\n virtio disk and either failed to boot with the 'No\n bootable disk' error message returned, or the system\n booted whatever operating system was on the IDE disk.\n With this update, the boot configuration is translated\n into bootindex, which provides control over which device\n is used for booting a guest operating system, thus\n fixing this bug.\n\nAll users of libvirt are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling the updated packages, libvirtd must be restarted ('service\nlibvirtd restart') for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&T=0&P=751\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0c7d4a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libvirt-0.8.7-18.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libvirt-client-0.8.7-18.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libvirt-debuginfo-0.8.7-18.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libvirt-devel-0.8.7-18.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libvirt-python-0.8.7-18.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:33:38", "description": "libvirtd could crash if bogus parameters where passed to the VirDomainGetVcpus call (CVE-2011-2511).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libvirt (openSUSE-SU-2011:0900-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvirt", "p-cpe:/a:novell:opensuse:libvirt-client", "p-cpe:/a:novell:opensuse:libvirt-client-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-debugsource", "p-cpe:/a:novell:opensuse:libvirt-devel", "p-cpe:/a:novell:opensuse:libvirt-python", "p-cpe:/a:novell:opensuse:libvirt-python-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBVIRT-110706.NASL", "href": "https://www.tenable.com/plugins/nessus/75930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libvirt-4836.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75930);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2511\");\n\n script_name(english:\"openSUSE Security Update : libvirt (openSUSE-SU-2011:0900-1)\");\n script_summary(english:\"Check for the libvirt-4836 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvirtd could crash if bogus parameters where passed to the\nVirDomainGetVcpus call (CVE-2011-2511).\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-0.8.8-0.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-client-0.8.8-0.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-client-debuginfo-0.8.8-0.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-debuginfo-0.8.8-0.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-debugsource-0.8.8-0.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-devel-0.8.8-0.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-python-0.8.8-0.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-python-debuginfo-0.8.8-0.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / 
libvirt-devel / libvirt-python / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:32:52", "description": "libvirtd could crash if bogus parameters where passed to the VirDomainGetVcpus call (CVE-2011-2511).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libvirt (openSUSE-SU-2011:0900-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvirt", "p-cpe:/a:novell:opensuse:libvirt-client", "p-cpe:/a:novell:opensuse:libvirt-devel", "p-cpe:/a:novell:opensuse:libvirt-python", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBVIRT-110706.NASL", "href": "https://www.tenable.com/plugins/nessus/75625", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libvirt-4836.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75625);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2511\");\n\n script_name(english:\"openSUSE Security Update : libvirt (openSUSE-SU-2011:0900-1)\");\n script_summary(english:\"Check for the libvirt-4836 patch\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvirtd could crash if bogus parameters where passed to the\nVirDomainGetVcpus call (CVE-2011-2511).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libvirt-0.8.1-4.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libvirt-client-0.8.1-4.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libvirt-devel-0.8.1-4.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libvirt-python-0.8.1-4.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-devel / libvirt-python\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:50:51", "description": "From Red Hat Security Advisory 2011:1197 :\n\nUpdated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as 
having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially crafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update also fixes the following bugs :\n\n* Previously, when the 'virsh vol-create-from' command was run on an LVM (Logical Volume Manager) storage pool, performance of the command was very low and the operation consumed an excessive amount of time.\nThis bug has been fixed in the virStorageVolCreateXMLFrom() function, and the performance problem of the command no longer occurs.\n\n* Due to a regression, libvirt used undocumented command line options, instead of the recommended ones. Consequently, the qemu-img utility used an invalid argument while creating an encrypted volume, and the process eventually failed. With this update, the bug in the backing format of the storage back end has been fixed, and encrypted volumes can now be created as expected. (BZ#726617)\n\n* Due to a bug in the qemuAuditDisk() function, hot unplug failures were never audited, and a hot unplug success was audited as a failure.\nThis bug has been fixed, and auditing of disk hot unplug operations now works as expected. (BZ#728516)\n\n* Previously, when a debug process was being activated, the act of preparing a debug message ended up with dereferencing a UUID (universally unique identifier) prior to the NULL argument check.\nConsequently, an API running the debug process sometimes terminated with a segmentation fault. 
With this update, a patch has been provided to address this issue, and the crashes no longer occur in the described scenario. (BZ#728546)\n\n* The libvirt library uses the 'boot=on' option to mark which disk is bootable but it only uses that option if Qemu advertises its support.\nThe qemu-kvm utility in Red Hat Enterprise Linux 6.1 removed support for that option and libvirt could not use it. As a consequence, when an IDE disk was added as the second storage with a virtio disk being set up as the first one by default, the operating system tried to boot from the IDE disk rather than the virtio disk and either failed to boot with the 'No bootable disk' error message returned, or the system booted whatever operating system was on the IDE disk. With this update, the boot configuration is translated into bootindex, which provides control over which device is used for booting a guest operating system, thus fixing this bug.\n\nAll users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, libvirtd must be restarted ('service libvirtd restart') for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : libvirt (ELSA-2011-1197)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvirt", "p-cpe:/a:oracle:linux:libvirt-client", "p-cpe:/a:oracle:linux:libvirt-devel", "p-cpe:/a:oracle:linux:libvirt-python", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/68333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1197 and \n# Oracle Linux Security Advisory ELSA-2011-1197 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68333);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2511\");\n script_bugtraq_id(48478);\n script_xref(name:\"RHSA\", value:\"2011:1197\");\n\n script_name(english:\"Oracle Linux 6 : libvirt (ELSA-2011-1197)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n 
);\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1197 :\n\nUpdated libvirt packages that fix one security issue and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libvirt library is a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remotely managing virtualized\nsystems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An\nattacker able to establish read-only connections to libvirtd could\ntrigger this flaw by calling virDomainGetVcpus() with specially\ncrafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update also fixes the following bugs :\n\n* Previously, when the 'virsh vol-create-from' command was run on an\nLVM (Logical Volume Manager) storage pool, performance of the command\nwas very low and the operation consumed an excessive amount of time.\nThis bug has been fixed in the virStorageVolCreateXMLFrom() function,\nand the performance problem of the command no longer occurs.\n\n* Due to a regression, libvirt used undocumented command line options,\ninstead of the recommended ones. Consequently, the qemu-img utility\nused an invalid argument while creating an encrypted volume, and the\nprocess eventually failed. With this update, the bug in the backing\nformat of the storage back end has been fixed, and encrypted volumes\ncan now be created as expected. 
(BZ#726617)\n\n* Due to a bug in the qemuAuditDisk() function, hot unplug failures\nwere never audited, and a hot unplug success was audited as a failure.\nThis bug has been fixed, and auditing of disk hot unplug operations\nnow works as expected. (BZ#728516)\n\n* Previously, when a debug process was being activated, the act of\npreparing a debug message ended up with dereferencing a UUID\n(universally unique identifier) prior to the NULL argument check.\nConsequently, an API running the debug process sometimes terminated\nwith a segmentation fault. With this update, a patch has been provided\nto address this issue, and the crashes no longer occur in the\ndescribed scenario. (BZ#728546)\n\n* The libvirt library uses the 'boot=on' option to mark which disk is\nbootable but it only uses that option if Qemu advertises its support.\nThe qemu-kvm utility in Red Hat Enterprise Linux 6.1 removed support\nfor that option and libvirt could not use it. As a consequence, when\nan IDE disk was added as the second storage with a virtio disk being\nset up as the first one by default, the operating system tried to boot\nfrom the IDE disk rather than the virtio disk and either failed to\nboot with the 'No bootable disk' error message returned, or the system\nbooted whatever operating system was on the IDE disk. With this\nupdate, the boot configuration is translated into bootindex, which\nprovides control over which device is used for booting a guest\noperating system, thus fixing this bug.\n\nAll users of libvirt are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
After\ninstalling the updated packages, libvirtd must be restarted ('service\nlibvirtd restart') for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002301.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libvirt-0.8.7-18.0.1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libvirt-client-0.8.7-18.0.1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libvirt-devel-0.8.7-18.0.1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libvirt-python-0.8.7-18.0.1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-devel / libvirt-python\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:26:08", "description": "The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially crafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update fixes the following bugs :\n\n - libvirt was rebased from version 0.6.3 to version 0.8.2 in Scientific Linux 5.6. A code audit found a minor API change that effected error messages seen by libvirt 0.8.2 clients talking to libvirt 0.7.1 – 0.7.7 (0.7.x) servers. A libvirt 0.7.x server could send VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client expected VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a libvirt 0.8.2 client saw a 'Timed out during operation' message where it should see an 'Invalid network filter' error. This update adds a backported patch that allows libvirt 0.8.2 clients to interoperate with the API as used by libvirt 0.7.x servers, ensuring correct error messages are sent.\n\n - libvirt could crash if the maximum number of open file descriptors (_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it accessed file descriptors outside the bounds of the set. With this update the maximum number of open file descriptors can no longer grow larger than the FD_SETSIZE value.\n\n - A libvirt race condition was found. An array in the libvirt event handlers was accessed with a lock temporarily released. 
In rare cases, if one thread attempted to access this array but a second thread reallocated the array before the first thread reacquired a lock, it could lead to the first thread attempting to access freed memory, potentially causing libvirt to crash. With this update libvirt no longer refers to the old array and, consequently, behaves as expected.\n\n - Guests connected to a passthrough NIC would kernel panic if a system_reset signal was sent through the QEMU monitor. With this update you can reset such guests as expected.\n\n - When using the Xen kernel, the rpmbuild command failed on the xencapstest test. With this update you can run rpmbuild successfully when using the Xen kernel.\n\n - When a disk was hot unplugged, 'ret >= 0' was passed to the qemuAuditDisk calls in disk hotunplug operations before ret was, in fact, set to 0. As well, the error path jumped to the 'cleanup' label prematurely. As a consequence, hotunplug failures were not audited and hotunplug successes were audited as failures. This was corrected and hot unplugging checks now behave as expected.\n\n - A conflict existed between filter update locking sequences and virtual machine startup locking sequences.\n When a filter update occurred on one or more virtual machines, a deadlock could consequently occur if a virtual machine referencing a filter was started. This update changes and makes more flexible several qemu locking sequences ensuring this deadlock no longer occurs.\n\n - qemudDomainSaveImageStartVM closed some incoming file descriptor (fd) arguments without informing the caller.\n The consequent double-closes could cause Domain restoration failure. 
This update alters the qemudDomainSaveImageStartVM signature to prevent the double-closes.\n\nThis update also adds the following enhancements :\n\n - The libvirt Xen driver now supports more than one serial port.\n\n - Enabling and disabling the High Precision Event Timer (HPET) in Xen domains is now possible.\n\nAll libvirt users should install this update which addresses this vulnerability, fixes these bugs and adds these enhancements. After installing the updated packages, libvirtd must be restarted ('service libvirtd restart') for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libvirt on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2511"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110721_LIBVIRT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61090);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2511\");\n\n script_name(english:\"Scientific Linux Security Update : libvirt on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libvirt library is a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems.\n\nAn integer overflow flaw was found in libvirtd's RPC call handling. An\nattacker able to establish read-only connections to libvirtd could\ntrigger this flaw by calling virDomainGetVcpus() with specially\ncrafted parameters, causing libvirtd to crash. (CVE-2011-2511)\n\nThis update fixes the following bugs :\n\n - libvirt was rebased from version 0.6.3 to version 0.8.2\n in Scientific Linux 5.6. A code audit found a minor API\n change that effected error messages seen by libvirt\n 0.8.2 clients talking to libvirt 0.7.1 – 0.7.7\n (0.7.x) servers. A libvirt 0.7.x server could send\n VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2\n client expected VIR_ERR_CONFIG_UNSUPPORTED errors. In\n other circumstances, a libvirt 0.8.2 client saw a 'Timed\n out during operation' message where it should see an\n 'Invalid network filter' error. This update adds a\n backported patch that allows libvirt 0.8.2 clients to\n interoperate with the API as used by libvirt 0.7.x\n servers, ensuring correct error messages are sent.\n\n - libvirt could crash if the maximum number of open file\n descriptors (_SC_OPEN_MAX) grew larger than the\n FD_SETSIZE value because it accessed file descriptors\n outside the bounds of the set. With this update the\n maximum number of open file descriptors can no longer\n grow larger than the FD_SETSIZE value.\n\n - A libvirt race condition was found. An array in the\n libvirt event handlers was accessed with a lock\n temporarily released. 
In rare cases, if one thread\n attempted to access this array but a second thread\n reallocated the array before the first thread reacquired\n a lock, it could lead to the first thread attempting to\n access freed memory, potentially causing libvirt to\n crash. With this update libvirt no longer refers to the\n old array and, consequently, behaves as expected.\n\n - Guests connected to a passthrough NIC would kernel panic\n if a system_reset signal was sent through the QEMU\n monitor. With this update you can reset such guests as\n expected.\n\n - When using the Xen kernel, the rpmbuild command failed\n on the xencapstest test. With this update you can run\n rpmbuild successfully when using the Xen kernel.\n\n - When a disk was hot unplugged, 'ret >= 0' was passed to\n the qemuAuditDisk calls in disk hotunplug operations\n before ret was, in fact, set to 0. As well, the error\n path jumped to the 'cleanup' label prematurely. As a\n consequence, hotunplug failures were not audited and\n hotunplug successes were audited as failures. This was\n corrected and hot unplugging checks now behave as\n expected.\n\n - A conflict existed between filter update locking\n sequences and virtual machine startup locking sequences.\n When a filter update occurred on one or more virtual\n machines, a deadlock could consequently occur if a\n virtual machine referencing a filter was started. This\n update changes and makes more flexible several qemu\n locking sequences ensuring this deadlock no longer\n occurs.\n\n - qemudDomainSaveImageStartVM closed some incoming file\n descriptor (fd) arguments without informing the caller.\n The consequent double-closes could cause Domain\n restoration failure. 
This update alters the\n qemudDomainSaveImageStartVM signature to prevent the\n double-closes.\n\nThis update also adds the following enhancements :\n\n - The libvirt Xen driver now supports more than one serial\n port.\n\n - Enabling and disabling the High Precision Event Timer\n (HPET) in Xen domains is now possible.\n\nAll libvirt users should install this update which addresses this\nvulnerability, fixes these bugs and adds these enhancements. After\ninstalling the updated packages, libvirtd must be restarted ('service\nlibvirtd restart') for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3827\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdfd2d0d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvirt, libvirt-devel and / or libvirt-python\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libvirt-0.8.2-22.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libvirt-devel-0.8.2-22.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libvirt-python-0.8.2-22.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-01-19T14:59:50", "description": "This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs.\n\nThe following security issues have been fixed :\n\n - A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. (CVE-2011-3191)\n\n - Timo Warns reported an issue in the Linux implementation for GUID partitions. 
Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. (CVE-2011-1776)\n\n - The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly handle packets for a CLOSED endpoint, which allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The do_task_stat function in fs/proc/array.c in the Linux kernel did not perform an expected uid check, which made it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. 
(CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585)\n\nAlso following non-security bugs were fixed :\n\n - patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldme m-to-check-for-non-ram-pages.patch: fs/proc/vmcore.c:\n add hook to read_from_oldmem() to check for non-ram pages. (bnc#684297)\n\n - patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix memory leak on release.\n\n - patches.xen/1074-xenbus_conn-type.patch: xenbus: fix type inconsistency with xenbus_conn().\n\n - patches.xen/1080-blkfront-xenbus-gather-format.patch:\n blkfront: fix data size for xenbus_gather in connect().\n\n - patches.xen/1081-blkback-resize-transaction-end.patch:\n xenbus: fix xenbus_transaction_start() hang caused by double xenbus_transaction_end().\n\n - patches.xen/1089-blkback-barrier-check.patch: blkback:\n dont fail empty barrier requests.\n\n - patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus: dont BUG() on user mode induced conditions. (bnc#696107)\n\n - patches.xen/1098-blkfront-cdrom-ioctl-check.patch:\n blkfront: avoid NULL de-reference in CDROM ioctl handling. 
(bnc#701355)\n\n - patches.xen/1102-x86-max-contig-order.patch: x86: use dynamically adjusted upper bound for contiguous regions.\n (bnc#635880)\n\n - patches.xen/xen3-x86-sanitize-user-specified-e820-memmap\n -values.patch: x86: sanitize user specified e820 memmap values. (bnc#665543)\n\n - patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress: Fix typo, which was uncovered in debug mode.\n\n - patches.fixes/pacct-fix-sighand-siglock-usage.patch: Fix sighand->siglock usage in kernel/acct.c. (bnc#705463)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7729)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1017", "CVE-2011-1093", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-2022", "CVE-2011-2182", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-3191"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7729.NASL", "href": 
"https://www.tenable.com/plugins/nessus/59159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59159);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1017\", \"CVE-2011-1093\", \"CVE-2011-1585\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-2182\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-3191\");\n\n script_name(english:\"SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7729)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues have been fixed :\n\n - A signedness issue in CIFS could possibly have lead to\n to memory corruption, if a malicious server could send\n crafted replies to the host. (CVE-2011-3191)\n\n - Timo Warns reported an issue in the Linux implementation\n for GUID partitions. Users with physical access could\n gain access to sensitive kernel memory by adding a\n storage device with a specially crafted corrupted\n invalid partition table. 
(CVE-2011-1776)\n\n - The dccp_rcv_state_process function in net/dccp/input.c\n in the Datagram Congestion Control Protocol (DCCP)\n implementation in the Linux kernel did not properly\n handle packets for a CLOSED endpoint, which allowed\n remote attackers to cause a denial of service (NULL\n pointer dereference and OOPS) by sending a DCCP-Close\n packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - Integer overflow in the agp_generic_insert_memory\n function in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1)\n agp_allocate_memory and (2) agp_create_user_memory\n functions in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to trigger buffer overflows,\n and consequently cause a denial of service (system\n crash) or possibly have unspecified other impact, via\n vectors related to calls that specify a large number of\n memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in\n drivers/char/agp/generic.c in the Linux kernel before\n 2.6.38.5 did not validate a certain start parameter,\n which allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_UNBIND agp_ioctl ioctl call, a different\n vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The do_task_stat function in fs/proc/array.c in the\n Linux kernel did not perform an expected uid check,\n which made it easier for local users to defeat the ASLR\n protection mechanism by reading the start_code and\n end_code fields in the /proc/#####/stat file for a\n process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where\n the pgoff inside the mapping could wrap around due to\n overflow. 
However, an expanding mremap() can take such a\n non-wrapping mapping and make it bigger and cause a\n wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS\n filesystem could use file locking to deadlock parts of\n an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in\n fs/partitions/ldm.c) contained bugs that could crash the\n kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - When using a setuid root mount.cifs, local users could\n hijack password protected mounted CIFS shares of other\n local users. (CVE-2011-1585)\n\nAlso following non-security bugs were fixed :\n\n -\n patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldme\n m-to-check-for-non-ram-pages.patch: fs/proc/vmcore.c:\n add hook to read_from_oldmem() to check for non-ram\n pages. (bnc#684297)\n\n - patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix\n memory leak on release.\n\n - patches.xen/1074-xenbus_conn-type.patch: xenbus: fix\n type inconsistency with xenbus_conn().\n\n - patches.xen/1080-blkfront-xenbus-gather-format.patch:\n blkfront: fix data size for xenbus_gather in connect().\n\n - patches.xen/1081-blkback-resize-transaction-end.patch:\n xenbus: fix xenbus_transaction_start() hang caused by\n double xenbus_transaction_end().\n\n - patches.xen/1089-blkback-barrier-check.patch: blkback:\n dont fail empty barrier requests.\n\n - patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus: dont\n BUG() on user mode induced conditions. (bnc#696107)\n\n - patches.xen/1098-blkfront-cdrom-ioctl-check.patch:\n blkfront: avoid NULL de-reference in CDROM ioctl\n handling. (bnc#701355)\n\n - patches.xen/1102-x86-max-contig-order.patch: x86: use\n dynamically adjusted upper bound for contiguous regions.\n (bnc#635880)\n\n -\n patches.xen/xen3-x86-sanitize-user-specified-e820-memmap\n -values.patch: x86: sanitize user specified e820 memmap\n values. 
(bnc#665543)\n\n -\n patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress: Fix typo, which was uncovered in debug\n mode.\n\n - patches.fixes/pacct-fix-sighand-siglock-usage.patch: Fix\n sighand->siglock usage in kernel/acct.c. (bnc#705463)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0726.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1585.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1745.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1746.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2496.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3191.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7729.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", 
sp:3, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.83.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T14:23:02", "description": "This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs.\n\nThe following security issues have been fixed :\n\n - A signedness issue in CIFS could possibly have lead to to memory corruption, if a malicious server could send crafted replies to the host. (CVE-2011-3191)\n\n - Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access could gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. (CVE-2011-1776)\n\n - The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly handle packets for a CLOSED endpoint, which allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. 
(CVE-2011-1746)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The do_task_stat function in fs/proc/array.c in the Linux kernel did not perform an expected uid check, which made it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585)\n\nAlso following non-security bugs were fixed :\n\n - patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldme m-to-check-for-non-ram-pages.patch: fs/proc/vmcore.c:\n add hook to read_from_oldmem() to check for non-ram pages. 
(bnc#684297)\n\n - patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix memory leak on release.\n\n - patches.xen/1074-xenbus_conn-type.patch: xenbus: fix type inconsistency with xenbus_conn().\n\n - patches.xen/1080-blkfront-xenbus-gather-format.patch:\n blkfront: fix data size for xenbus_gather in connect().\n\n - patches.xen/1081-blkback-resize-transaction-end.patch:\n xenbus: fix xenbus_transaction_start() hang caused by double xenbus_transaction_end().\n\n - patches.xen/1089-blkback-barrier-check.patch: blkback:\n dont fail empty barrier requests.\n\n - patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus: dont BUG() on user mode induced conditions. (bnc#696107)\n\n - patches.xen/1098-blkfront-cdrom-ioctl-check.patch:\n blkfront: avoid NULL de-reference in CDROM ioctl handling. (bnc#701355)\n\n - patches.xen/1102-x86-max-contig-order.patch: x86: use dynamically adjusted upper bound for contiguous regions.\n (bnc#635880)\n\n - patches.xen/xen3-x86-sanitize-user-specified-e820-memmap\n -values.patch: x86: sanitize user specified e820 memmap values. (bnc#665543)\n\n - patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress: Fix typo, which was uncovered in debug mode.\n\n - patches.fixes/pacct-fix-sighand-siglock-usage.patch: Fix sighand->siglock usage in kernel/acct.c. 
(bnc#705463)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-10-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7734)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0726", "CVE-2011-1017", "CVE-2011-1093", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-2022", "CVE-2011-2182", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-3191"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7734.NASL", "href": "https://www.tenable.com/plugins/nessus/56607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56607);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-0726\", \"CVE-2011-1017\", \"CVE-2011-1093\", \"CVE-2011-1585\", \"CVE-2011-1745\", 
\"CVE-2011-1746\", \"CVE-2011-1776\", \"CVE-2011-2022\", \"CVE-2011-2182\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-3191\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7734)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes\nseveral security issues and bugs.\n\nThe following security issues have been fixed :\n\n - A signedness issue in CIFS could possibly have lead to\n to memory corruption, if a malicious server could send\n crafted replies to the host. (CVE-2011-3191)\n\n - Timo Warns reported an issue in the Linux implementation\n for GUID partitions. Users with physical access could\n gain access to sensitive kernel memory by adding a\n storage device with a specially crafted corrupted\n invalid partition table. (CVE-2011-1776)\n\n - The dccp_rcv_state_process function in net/dccp/input.c\n in the Datagram Congestion Control Protocol (DCCP)\n implementation in the Linux kernel did not properly\n handle packets for a CLOSED endpoint, which allowed\n remote attackers to cause a denial of service (NULL\n pointer dereference and OOPS) by sending a DCCP-Close\n packet followed by a DCCP-Reset packet. (CVE-2011-1093)\n\n - Integer overflow in the agp_generic_insert_memory\n function in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_BIND agp_ioctl ioctl call. 
(CVE-2011-1745)\n\n - Multiple integer overflows in the (1)\n agp_allocate_memory and (2) agp_create_user_memory\n functions in drivers/char/agp/generic.c in the Linux\n kernel allowed local users to trigger buffer overflows,\n and consequently cause a denial of service (system\n crash) or possibly have unspecified other impact, via\n vectors related to calls that specify a large number of\n memory pages. (CVE-2011-1746)\n\n - The agp_generic_remove_memory function in\n drivers/char/agp/generic.c in the Linux kernel before\n 2.6.38.5 did not validate a certain start parameter,\n which allowed local users to gain privileges or cause a\n denial of service (system crash) via a crafted\n AGPIOC_UNBIND agp_ioctl ioctl call, a different\n vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The do_task_stat function in fs/proc/array.c in the\n Linux kernel did not perform an expected uid check,\n which made it easier for local users to defeat the ASLR\n protection mechanism by reading the start_code and\n end_code fields in the /proc/#####/stat file for a\n process executing a PIE binary. (CVE-2011-0726)\n\n - The normal mmap paths all avoid creating a mapping where\n the pgoff inside the mapping could wrap around due to\n overflow. However, an expanding mremap() can take such a\n non-wrapping mapping and make it bigger and cause a\n wrapping condition. (CVE-2011-2496)\n\n - A local unprivileged user able to access a NFS\n filesystem could use file locking to deadlock parts of\n an nfs server under some circumstance. (CVE-2011-2491)\n\n - The code for evaluating LDM partitions (in\n fs/partitions/ldm.c) contained bugs that could crash the\n kernel for certain corrupted LDM partitions.\n (CVE-2011-1017 / CVE-2011-2182)\n\n - When using a setuid root mount.cifs, local users could\n hijack password protected mounted CIFS shares of other\n local users. 
(CVE-2011-1585)\n\nAlso following non-security bugs were fixed :\n\n -\n patches.suse/fs-proc-vmcorec-add-hook-to-read_from_oldme\n m-to-check-for-non-ram-pages.patch: fs/proc/vmcore.c:\n add hook to read_from_oldmem() to check for non-ram\n pages. (bnc#684297)\n\n - patches.xen/1062-xenbus-dev-leak.patch: xenbus: Fix\n memory leak on release.\n\n - patches.xen/1074-xenbus_conn-type.patch: xenbus: fix\n type inconsistency with xenbus_conn().\n\n - patches.xen/1080-blkfront-xenbus-gather-format.patch:\n blkfront: fix data size for xenbus_gather in connect().\n\n - patches.xen/1081-blkback-resize-transaction-end.patch:\n xenbus: fix xenbus_transaction_start() hang caused by\n double xenbus_transaction_end().\n\n - patches.xen/1089-blkback-barrier-check.patch: blkback:\n dont fail empty barrier requests.\n\n - patches.xen/1091-xenbus-dev-no-BUG.patch: xenbus: dont\n BUG() on user mode induced conditions. (bnc#696107)\n\n - patches.xen/1098-blkfront-cdrom-ioctl-check.patch:\n blkfront: avoid NULL de-reference in CDROM ioctl\n handling. (bnc#701355)\n\n - patches.xen/1102-x86-max-contig-order.patch: x86: use\n dynamically adjusted upper bound for contiguous regions.\n (bnc#635880)\n\n -\n patches.xen/xen3-x86-sanitize-user-specified-e820-memmap\n -values.patch: x86: sanitize user specified e820 memmap\n values. (bnc#665543)\n\n -\n patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress: Fix typo, which was uncovered in debug\n mode.\n\n - patches.fixes/pacct-fix-sighand-siglock-usage.patch: Fix\n sighand->siglock usage in kernel/acct.c. 
(bnc#705463)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0726.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1585.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1745.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1746.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2496.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3191.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7734.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", 
reference:\"kernel-vmi-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.83.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.83.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:28:53", "description": "Updated kernel packages that fix several security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1013, Important)\n\n* The Radeon GPU drivers in the Linux kernel were missing sanity checks for the Anti Aliasing (AA) resolve register values which could allow a local, unprivileged user to cause a denial of service or escalate their privileges on systems using a graphics card from the ATI Radeon R300, R400, or R500 family of cards. 
(CVE-2011-1016, Important)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to cause a denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl 'net.sctp.addip_enable' and 'auth_enable' variables were turned on (they are off by default). (CVE-2011-1573, Important)\n\n* A memory leak in the inotify_init() system call. In some cases, it could leak a group, which could allow a local, unprivileged user to eventually cause a denial of service. (CVE-2010-4250, Moderate)\n\n* A missing validation of a null-terminated string data structure element in bnep_sock_ioctl() could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)\n\n* An information leak in bcm_connect() in the Controller Area Network (CAN) Broadcast Manager implementation could allow a local, unprivileged user to leak kernel mode addresses in '/proc/net/can-bcm'. (CVE-2010-4565, Low)\n\n* A flaw was found in the Linux kernel's Integrity Measurement Architecture (IMA) implementation. When SELinux was disabled, adding an IMA rule which was supposed to be processed by SELinux would cause ima_match_rules() to always succeed, ignoring any remaining rules.\n(CVE-2011-0006, Low)\n\n* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)\n\n* Buffer overflow flaws in snd_usb_caiaq_audio_init() and snd_usb_caiaq_midi_init() could allow a local, unprivileged user with access to a Native Instruments USB audio device to cause a denial of service or escalate their privileges. (CVE-2011-0712, Low)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). 
(CVE-2011-0726, Low)\n\n* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN capability to load arbitrary modules from '/lib/modules/', instead of only netdev modules. (CVE-2011-1019, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation of a null-terminated string data structure element in do_replace() could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n\nRed Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and CVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and CVE-2011-0711; Rafael Dominguez Vega for reporting CVE-2011-0712; and Kees Cook for reporting CVE-2011-0726.\n\nThis update also fixes various bugs and adds an enhancement.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to resolve these issues, and fix the bugs and add the enhancement noted in the Technical Notes. 
The system must be rebooted for this update to take effect.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-05-11T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:0498)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4250", "CVE-2010-4565", "CVE-2010-4649", "CVE-2011-0006", "CVE-2011-0711", "CVE-2011-0712", "CVE-2011-0726", "CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1019", "CVE-2011-1044", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", 
"p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0498.NASL", "href": "https://www.tenable.com/plugins/nessus/53867", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0498. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53867);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n script_bugtraq_id(46417, 46419, 46488, 46557, 46616, 46793, 47308, 47639, 47792);\n script_xref(name:\"RHSA\", value:\"2011:0498\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:0498)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues, various\nbugs, and add an enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2010-4649, Important)\n\n* An integer signedness flaw in drm_modeset_ctl() could allow a local,\nunprivileged user to cause a denial of service or escalate their\nprivileges. (CVE-2011-1013, Important)\n\n* The Radeon GPU drivers in the Linux kernel were missing sanity\nchecks for the Anti Aliasing (AA) resolve register values which could\nallow a local, unprivileged user to cause a denial of service or\nescalate their privileges on systems using a graphics card from the\nATI Radeon R300, R400, or R500 family of cards. (CVE-2011-1016,\nImportant)\n\n* A flaw in dccp_rcv_state_process() could allow a remote attacker to\ncause a denial of service, even when the socket was already closed.\n(CVE-2011-1093, Important)\n\n* A flaw in the Linux kernel's Stream Control Transmission Protocol\n(SCTP) implementation could allow a remote attacker to cause a denial\nof service if the sysctl 'net.sctp.addip_enable' and 'auth_enable'\nvariables were turned on (they are off by default). (CVE-2011-1573,\nImportant)\n\n* A memory leak in the inotify_init() system call. In some cases, it\ncould leak a group, which could allow a local, unprivileged user to\neventually cause a denial of service. (CVE-2010-4250, Moderate)\n\n* A missing validation of a null-terminated string data structure\nelement in bnep_sock_ioctl() could allow a local user to cause an\ninformation leak or a denial of service. 
(CVE-2011-1079, Moderate)\n\n* An information leak in bcm_connect() in the Controller Area Network\n(CAN) Broadcast Manager implementation could allow a local,\nunprivileged user to leak kernel mode addresses in\n'/proc/net/can-bcm'. (CVE-2010-4565, Low)\n\n* A flaw was found in the Linux kernel's Integrity Measurement\nArchitecture (IMA) implementation. When SELinux was disabled, adding\nan IMA rule which was supposed to be processed by SELinux would cause\nima_match_rules() to always succeed, ignoring any remaining rules.\n(CVE-2011-0006, Low)\n\n* A missing initialization flaw in the XFS file system implementation\ncould lead to an information leak. (CVE-2011-0711, Low)\n\n* Buffer overflow flaws in snd_usb_caiaq_audio_init() and\nsnd_usb_caiaq_midi_init() could allow a local, unprivileged user with\naccess to a Native Instruments USB audio device to cause a denial of\nservice or escalate their privileges. (CVE-2011-0712, Low)\n\n* The start_code and end_code values in '/proc/[pid]/stat' were not\nprotected. In certain scenarios, this flaw could be used to defeat\nAddress Space Layout Randomization (ASLR). (CVE-2011-0726, Low)\n\n* A flaw in dev_load() could allow a local user who has the\nCAP_NET_ADMIN capability to load arbitrary modules from\n'/lib/modules/', instead of only netdev modules. (CVE-2011-1019, Low)\n\n* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user\nto cause an information leak. (CVE-2011-1044, Low)\n\n* A missing validation of a null-terminated string data structure\nelement in do_replace() could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1080,\nLow)\n\nRed Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;\nVasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and\nCVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and\nCVE-2011-0711; Rafael Dominguez Vega for reporting CVE-2011-0712; and\nKees Cook for reporting CVE-2011-0726.\n\nThis update also fixes various bugs and adds an enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1019\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1573\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0498\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4250\", \"CVE-2010-4565\", \"CVE-2010-4649\", \"CVE-2011-0006\", \"CVE-2011-0711\", \"CVE-2011-0712\", \"CVE-2011-0726\", \"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1019\", \"CVE-2011-1044\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1573\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:0498\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0498\";\n 
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"kernel-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-71.29.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"perf-2.6.32-71.29.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:19", "description": "[2.6.18-238.19.1.0.1.el5]\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- bonding: reread information about speed and duplex when interface goes up (John Haxby) [orabug 11890822]\n- [scsi] fix scsi hotplug and rescan race [orabug 10260172]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- fix missing aio_complete() in end_io (Joel Becker) [orabug 10365195]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702]\n- [nfs] too many getattr and access calls after direct I/O [orabug 9348191]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 
256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [aio] patch removes limit on number of retries (Srinivas Eeda) [orabug 10044782]\n- [loop] Do not call loop_unplug for not configured loop device (orabug 10314497)\n[2.6.18-238.19.1.el5]\n- Revert: [xen] hvm: svm support cleanups (Andrew Jones) [703715 702657] {CVE-2011-1780}\n- Revert: [xen] hvm: secure svm_cr_access (Andrew Jones) [703715 702657] {CVE-2011-1780}\n- Revert: [xen] let __get_instruction_length always read into own buffer (Paolo Bonzini) [719066 717742]\n- Revert: [xen] remove unused argument to __get_instruction_length (Phillip Lougher) [719066 717742]\n- Revert: [xen] prep __get_instruction_length_from_list for partial buffers (Paolo Bonzini) [719066 717742]\n- Revert: [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [719066 717742]\n[2.6.18-238.18.1.el5]\n- [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [719066 717742]\n- [xen] prep __get_instruction_length_from_list for partial buffers (Paolo Bonzini) [719066 717742]\n- [xen] remove unused argument to __get_instruction_length (Phillip Lougher) [719066 717742]\n- [xen] let __get_instruction_length always read into own buffer (Paolo Bonzini) [719066 717742]\n[2.6.18-238.17.1.el5]\n- [net] bluetooth: l2cap and rfcomm: fix info leak to userspace (Thomas Graf) [703020 703021] {CVE-2011-2492}\n- [net] inet_diag: fix inet_diag_bc_audit data validation (Thomas Graf) [714538 714539] {CVE-2011-2213}\n- [misc] signal: fix kill signal spoofing issue (Oleg Nesterov) [690030 690031] {CVE-2011-1182}\n- [fs] proc: fix signedness issue in next_pidmap (Oleg Nesterov) [697826 697827] {CVE-2011-1593}\n- [char] agp: fix OOM and buffer overflow (Jerome Marchand) [699009 699010] 
{CVE-2011-1746}\n- [char] agp: fix arbitrary kernel memory writes (Jerome Marchand) [699005 699006] {CVE-2011-2022 CVE-2011-1745}\n- [infiniband] core: Handle large number of entries in poll CQ (Jay Fenlason) [668370 668371] {CVE-2011-1044 CVE-2010-4649}\n- [infiniband] core: fix panic in ib_cm:cm_work_handler (Jay Fenlason) [679995 679996] {CVE-2011-0695}\n- [fs] validate size of EFI GUID partition entries (Anton Arapov) [703027 703028] {CVE-2011-1776}\n[2.6.18-238.16.1.el5]\n- [xen] hvm: secure vmx cpuid (Andrew Jones) [706324 706323] {CVE-2011-1936}\n- [xen] hvm: secure svm_cr_access (Andrew Jones) [703715 702657] {CVE-2011-1780}\n- [xen] hvm: svm support cleanups (Andrew Jones) [703715 702657] {CVE-2011-1780}\n[2.6.18-238.15.1.el5]\n- [block] cciss: reading a write only register causes a hang (Phillip Lougher) [713948 696153]\n- [fs] gfs2: fix resource group bitmap corruption (Robert S Peterson) [711519 690555]\n- [net] sctp: fix calc of INIT/INIT-ACK chunk length to set (Thomas Graf) [695384 695385] {CVE-2011-1573}\n- [fs] xfs: prevent leaking uninit stack memory in FSGEOMETRY_V1 p2 (Phillip Lougher) [677265 677266] {CVE-2011-0711}\n- [fs] xfs: prevent leaking uninit stack memory in FSGEOMETRY_V1 (Phillip Lougher) [677265 677266] {CVE-2011-0711}\n- [net] core: Fix memory leak/corruption on VLAN GRO_DROP (Herbert Xu) [695174 691565] {CVE-2011-1576}\n- [pci] SRIOV: release VF BAR resources when device is hot unplug (Don Dutile) [707899 698879]\n- [scsi] iscsi_tcp: fix iscsi's sk_user_data access (Mike Christie) [703056 677703]\n- [message] mptfusion: add ioc_reset_in_progress reset in SoftReset (Tomas Henzl) [712034 662160]\n[2.6.18-238.14.1.el5]\n- [input] evdev: implement proper locking (Marc Milgram) [710426 680561]\n- [input] evdev: rename list to client in handlers (Marc Milgram) [710426 680561]\n[2.6.18-238.13.1.el5]\n- [fs] gfs2: fix processes waiting on already-available inode glock (Phillip Lougher) [709767 694669]", "cvss3": {}, "published": 
"2011-07-18T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-1746", "CVE-2011-0695", "CVE-2010-4649", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-1573", "CVE-2011-2492", "CVE-2011-1780", "CVE-2011-0711", "CVE-2011-2022", "CVE-2011-1044", "CVE-2011-1593", "CVE-2011-1936", "CVE-2011-2213", "CVE-2011-1745", "CVE-2011-1182"], "modified": "2011-07-18T00:00:00", "id": "ELSA-2011-0927", "href": "http://linux.oracle.com/errata/ELSA-2011-0927.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:18", "description": "[2.6.18-274.el5]\n- [xen] svm: fix invlpg emulator regression (Paolo Bonzini) [719894]\n[2.6.18-273.el5]\n- Revert: [fs] proc: Fix rmmod/read/write races in /proc entries (Jarod Wilson) [717068]\n- [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [717742]\n- [xen] prep __get_instruction_length_from_list for partial buffers (Paolo Bonzini) [717742]\n- [xen] remove unused argument to __get_instruction_length (Paolo Bonzini) [717742]\n- [xen] let __get_instruction_length always read into own buffer (Paolo Bonzini) [717742]\n[2.6.18-272.el5]\n- [xen] x86: spinlock support for up to 255 CPUs (Laszlo Ersek) [713123]\n- [xen] remove block scope mtrr identifiers shadowing file scope (Laszlo Ersek) [713123]\n- [xen] Actually hold back MTRR init while booting secondary CPUs (Laszlo Ersek) [713123]\n- [xen] remove unused mtrr_bp_restore (Laszlo Ersek) [713123]\n- [xen] x86: Fix crash on amd iommu systems (Igor Mammedov) [714275]\n[2.6.18-271.el5]\n- [net] igmp: ip_mc_clear_src only when we no users of ip_mc_list (Veaceslav Falico) [707179]\n- [scsi] cxgb3i: fix programing of dma page sizes (Neil Horman) [710498]\n- [xen] hvm: secure vmx cpuid (Andrew Jones) [706325] {CVE-2011-1936}\n- [xen] hvm: secure svm_cr_access (Andrew Jones) [703716] {CVE-2011-1780}\n- [xen] hvm: svm support cleanups (Andrew Jones) [703716] 
{CVE-2011-1780}\n[2.6.18-270.el5]\n- [fs] proc: fix compile warning in pdeaux addition (Jarod Wilson) [675781]\n- [net] bluetooth: l2cap and rfcomm: fix info leak to userspace (Thomas Graf) [703021]\n- [net] inet_diag: fix inet_diag_bc_audit data validation (Thomas Graf) [714539] {CVE-2011-2213}\n- [misc] signal: fix kill signal spoofing issue (Oleg Nesterov) [690031] {CVE-2011-1182}\n- [fs] proc: fix signedness issue in next_pidmap (Oleg Nesterov) [697827] {CVE-2011-1593}\n- [char] agp: fix OOM and buffer overflow (Jerome Marchand) [699010] {CVE-2011-1746}\n- [char] agp: fix arbitrary kernel memory writes (Jerome Marchand) [699006] {CVE-2011-1745 CVE-2011-2022}\n- [net] be2net: fix queue creation order and pci error recovery (Ivan Vecera) [711653]\n- [infiniband] core: Handle large number of entries in poll CQ (Jay Fenlason) [668371] {CVE-2010-4649 CVE-2011-1044}\n- [infiniband] core: fix panic in ib_cm:cm_work_handler (Jay Fenlason) [679996] {CVE-2011-0695}\n- [fs] validate size of EFI GUID partition entries (Anton Arapov) [703026] {CVE-2011-1776}\n[2.6.18-269.el5]\n- [mm] only throttle page dirtying for specially marked BDIs (Jeff Layton) [711450]\n- Revert: [base] Fix potential deadlock in driver core (Don Zickus) [703084]\n- [fs] proc: Fix rmmod/read/write races in /proc entries (David Howells) [675781]\n- [scsi] qla4xxx: Update driver version to V5.02.04.01.05.07-d0 (Chad Dupuis) [704153]\n- [scsi] qla4xxx: clear SCSI COMPLETION INTR bit during F/W init (Chad Dupuis) [704153]\n- [usb] wacom: add support for DTU-2231 (Aristeu Rozanski) [683549]\n- [xen] fix MAX_EVTCHNS definition (Laszlo Ersek) [701243] {CVE-2011-1763}\n[2.6.18-268.el5]\n- [net] sctp: fix calc of INIT/INIT-ACK chunk length to set (Thomas Graf) [695385] {CVE-2011-1573}\n- [scsi] ibmvfc: Fix Virtual I/O failover hang (Steve Best) [710477]\n- [kernel] irq: Note and disable spurious interrupts on kexec (Prarit Bhargava) [611407]\n- [net] bnx2x: Update firmware to 6.2.9 (Michal Schmidt) [711079]\n- 
[net] bnx2x: Update bnx2x_firmware.h to version 6.2.9 (Michal Schmidt) [711079]\n- [net] xt_hashlimit: fix race between htable_destroy and htable_gc (Jiri Pirko) [705905]\n- [fs] cifs: clear write bits if ATTR_READONLY is set (Justin Payne) [700263]\n- [net] bna: clear some statistics before filling them (Ivan Vecera) [711990]\n- [net] ixgbe: Disable RSC by default (Herbert Xu) [703416]\n- [scsi] isci: fix scattergather list handling for smp commands (David Milburn) [710584]\n- [net] netconsole: prevent setup netconsole on a slave device (Amerigo Wang) [698873]\n[2.6.18-267.el5]\n- [fs] xfs: prevent leaking uninit stack memory in FSGEOMETRY_V1 p2 (Phillip Lougher) [677266] {CVE-2011-0711}\n- [fs] xfs: prevent leaking uninit stack memory in FSGEOMETRY_V1 (Phillip Lougher) [677266] {CVE-2011-0711}\n- [net] core: Fix memory leak/corruption on VLAN GRO_DROP (Herbert Xu) [691565] {CVE-2011-1576}\n[2.6.18-266.el5]\n- [scsi] megaraid: update to driver version 5.38-rh1 (Tomas Henzl) [706244]\n- [block] cciss: fix mapping of config table (Tomas Henzl) [695493]\n- [block] cciss: fix dev_info null pointer deref after freeing h (Tomas Henzl) [695493]\n- [block] cciss: do not call request_irq with spinlocks held (Tomas Henzl) [695493]\n- [block] cciss: prototype cciss_sent_reset to fix error (Tomas Henzl) [695493]\n- [block] cciss: mark functions as dev_init to clean up warnings (Tomas Henzl) [695493]\n- [block] cciss: timeout if soft reset fails (Tomas Henzl) [695493]\n- [block] cciss: use cmd_alloc for kdump (Tomas Henzl) [695493]\n- [block] cciss: Use cciss not hpsa in init_driver_version (Tomas Henzl) [695493]\n- [block] cciss: reduce stack usage a reset verifying code (Tomas Henzl) [695493]\n- [block] cciss: do not store pci state on stack (Tomas Henzl) [695493]\n- [block] cciss: no PCI power management reset method if known bad (Tomas Henzl) [695493]\n- [block] cciss: increase timeouts for post-reset no-ops (Tomas Henzl) [695493]\n- [block] cciss: remove superfluous 
sleeps around reset code (Tomas Henzl) [695493]\n- [block] cciss: do soft reset if hard reset is broken (Tomas Henzl) [695493]\n- [block] cciss: flush writes in interrupt mask setting code (Tomas Henzl) [695493]\n- [block] cciss: clarify messages around reset behavior (Tomas Henzl) [695493]\n- [block] cciss: increase time to wait for board reset to start (Tomas Henzl) [695493]\n- [block] cciss: get rid of message related magic numbers (Tomas Henzl) [695493]\n- [block] cciss: factor out irq request code (Tomas Henzl) [695493]\n- [block] cciss: factor out scatterlist allocation functions (Tomas Henzl) [695493]\n- [block] cciss: factor out command pool allocation functions (Tomas Henzl) [695493]\n- [block] cciss: Define print_cmd even without tape support (Tomas Henzl) [695493]\n- [block] cciss: do not use bit 2 doorbell reset (Tomas Henzl) [695493]\n- [block] cciss: use new doorbell-bit-5 reset method (Tomas Henzl) [695493]\n- [block] cciss: improve controller reset failure detection (Tomas Henzl) [695493]\n- [block] cciss: wait longer after resetting controller (Tomas Henzl) [695493]\n- [infiniband] cxgb4: Use completion objects for event blocking (Steve Best) [708081]\n- [fs] ext4: fix quota deadlock (Eric Sandeen) [702197]\n- [fs] ext3, ext4: update ctime when changing permission by setfacl (Eric Sandeen) [709224]\n- [scsi] bfa: properly reinitialize adapter during kdump (Rob Evers) [710300]\n- [scsi] lpfc: Update for 8.2.0.96.2p release (Rob Evers) [707336]\n- [scsi] lpfc: Fix back to back Flogis sent without logo (Rob Evers) [707336]\n- [scsi] lpfc: Fix not updating wwnn and wwpn after name change (Rob Evers) [707336]\n- [scsi] lpfc: Fix CT command never completing on Big Endian host (Rob Evers) [707336]\n- [scsi] lpfc: Revert fix that introduced a race condition (Rob Evers) [707336]\n- [scsi] lpfc: Fix crash in rpi clean when driver load fails (Rob Evers) [707336]\n- [scsi] lpfc: fix limiting RPI Count to a minimum of 64 (Rob Evers) [707336]\n- [scsi] lpfc: fix 
overriding CT field for SLI4 IF type 2 (Rob Evers) [707336]\n- [scsi] lpfc: force retry in queuecommand when port transitioning (Rob Evers) [707336]\n- [scsi] lpfc: Update version for 8.2.0.96.1p release (Rob Evers) [698432]\n- [scsi] lpfc: Fix double byte swap on received RRQ (Rob Evers) [698432]\n- [scsi] lpfc: Fix Vports not sending FDISC after lips (Rob Evers) [698432]\n- [scsi] lpfc: Fix system crash during driver unload (Rob Evers) [698432]\n- [scsi] lpfc: Fix FCFI incorrect on received unsolicited frames (Rob Evers) [698432]\n- [scsi] lpfc: Fix driver sending FLOGI to a disconnected FCF (Rob Evers) [698432]\n- [scsi] lpfc: Fix bug with incorrect BLS Response to BLS Abort (Rob Evers) [698432]\n- [scsi] lpfc: Fix adapter on Powerpc unable to login into Fabric (Rob Evers) [698432]\n- [pci] export msi_desc struct and msi_desc array (Prarit Bhargava) [697666]\n- [net] bonding: prevent deadlock on slave store with alb mode (Neil Horman) [706414]\n- [net] mlx4: Fix dropped promiscuity flag (Michael S. 
Tsirkin) [592370]\n- [edac] amd64_edac: Fix NULL pointer on Interlagos (Mauro Carvalho Chehab) [705040 709529]\n- [scsi] ses: fix ses_set_fault() to set the fault LED function (James Takahashi) [682351]\n- [redhat] configs: config file changes for SES Enablement (James Takahashi) [682351]\n- [misc] enclosure: return ERR_PTR() on error (James Takahashi) [682351]\n- [misc] enclosure: fix oops while iterating enclosure_status array (James Takahashi) [682351]\n- [scsi] ses: fix VPD inquiry overrun (James Takahashi) [682351]\n- [scsi] ses: Fix timeout (James Takahashi) [682351]\n- [scsi] ses: fix data corruption (James Takahashi) [682351]\n- [scsi] ses: fix memory leaks (James Takahashi) [682351]\n- [scsi] ses: add new Enclosure ULD (James Takahashi) [682351]\n- [misc] enclosure: add support for enclosure services (James Takahashi) [682351]\n- [net] tg3: Include support for Broadcom 5719/5720 (John Feeney) [654956 696182 707299]\n- [misc] module: remove over-zealous check in __module_get() (Jon Masters) [616125]\n- [redhat] kabi: Add pci_ioremap_bar and pci_reset_function to kABI (Jon Masters) [677683]\n- [redhat] kabi: Add dm_put to kABI (Jon Masters) [707003]\n- [redhat] kabi: Add compat_alloc_user_space to kABI (Jon Masters) [703167]\n- [redhat] kabi: Add random32 and srandom32 to kABI (Jon Masters) [668815]\n- [redhat] kabi: Add cancel_work_sync to kABI (Jon Masters) [664991]\n- [net] bna: add r suffix to the driver version (Ivan Vecera) [709951]\n- [net] bna: fix for clean fw re-initialization (Ivan Vecera) [709951]\n- [net] bna: fix memory leak during RX path cleanup (Ivan Vecera) [709951]\n- [net] bridge: Disable multicast snooping by default (Herbert Xu) [506630]\n- [net] bonding: fix block_netpoll_tx imbalance (Andy Gospodarek) [704426]\n- [scsi] qla2xxx: Fix virtual port login failure after chip reset (Chad Dupuis) [703879]\n- [scsi] qla2xxx: fix dsd_list_len for dsd_chaining in cmd type 6 (Chad Dupuis) [703879]\n- [net] force new skbs to allocate a minimum of 
16 frags (Amerigo Wang) [694308]\n- [pci] intel-iommu: Flush unmaps at domain_exit (Alex Williamson) [705455]\n- [pci] intel-iommu: Only unlink device domains from iommu (Alex Williamson) [705455]\n[2.6.18-265.el5]\n- [scsi] be2iscsi: Fix MSIX interrupt names (Prarit Bhargava) [704735]\n- [misc] signal: fix SIGPROF keeps large task from completing fork (Oleg Nesterov) [645528]\n- [fs] gfs2: fix processes waiting on already-available inode glock (Robert S Peterson) [694669]\n- Revert: [pci] msi: remove infiniband compat code (Prarit Bhargava) [636260]\n- Revert: [pci] msi: use msi_desc save areas in drivers/pci code (Prarit Bhargava) [636260]\n- Revert: [pci] msi: use msi_desc save areas in msi state functions (Prarit Bhargava) [636260]\n- Revert: [pci] msi: remove pci_save_msi|x_state() functions (Prarit Bhargava) [636260]\n- [s390] mm: diagnose 10 does not release memory above 2GB (Hendrik Brueckner) [701275]\n- [input] evdev: implement proper locking (Marc Milgram) [680561]\n- [input] evdev: rename list to client in handlers (Marc Milgram) [680561]\n- [net] netpoll: disable netpoll when enslave a device (Amerigo Wang) [698873]\n- [net] disable lro on phys device when dev is a vlan (Neil Horman) [696374]\n- [scsi] qla2xxx: Update version number to 8.03.07.03.05.07-k (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Free firmware PCB on logout request (Chad Dupuis) [686462]\n- [scsi] qla2xxx: dump registers for more info about ISP82xx errors (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Updated the reset sequence for ISP82xx (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Update copyright banner (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Perform FCoE context reset before adapter reset (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Limit logs in case device state does not change (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Abort pending commands for faster reset recovery (Chad Dupuis) [686462]\n- [scsi] qla2xxx: Check for match before setting FCP-priority info (Chad Dupuis) [686462]\n- [scsi] 
qla2xxx: Display PortID info during FCP command-status (Chad Dupuis) [686462]\n[2.6.18-264.el5]\n- [misc] Introduce pci_map_biosrom, kernel-xen variant (David Milburn) [651837]\n[2.6.18-263.el5]\n- [misc] vsyscall: remove code changing syscall instructions to nop (Ulrich Obergfell) [689546]\n- [scsi] mpt2sas: move fault event handling into process context (Tomas Henzl) [705398]\n- [scsi] ibmvscsi: Improve CRQ reset reliability (Steve Best) [704963]\n- [infiniband] cxgb4: Reset wait condition atomically (Steve Best) [703925]\n- [infiniband] cxgb4: fix driver hang on EEH error (Steve Best) [703925]\n- [fs] xfs: serialise unaligned direct IOs (Eric Sandeen) [689830]\n- [fs] ext4: serialize unaligned asynchronous DIO (Eric Sandeen) [689830]\n- [misc] Add printk_timed_ratelimit (Eric Sandeen) [689830]\n- [fs] set stats st_blksize to fs blocksize not page size (Eric Sandeen) [695168]\n- [pci] Disable PCI MSI/X on portable hardware (Prarit Bhargava) [703340]\n- [usb] ehci: Disable disconnect/connect wakeups (Matthew Garrett) [703344]\n- [fs] cifs: fix cifsConvertToUCS for the mapchars case (Jeff Layton) [705324]\n- [fs] nfs: set d_op on newly allocated dentries in nfs_rename (Jeff Layton) [702533]\n- [fs] nfs: Fix build break with CONFIG_NFS_V4=n (Harshula Jayasuriya) [702355]\n- [scsi] isci: enable building driver (David Milburn) [651837]\n- [scsi] libsas: flush initial device discovery before completing (David Milburn) [651837]\n- [scsi] libsas: fix up device gone notification in sas_deform_port (David Milburn) [651837]\n- [scsi] libsas: fix runaway error handler problem (David Milburn) [651837]\n- [scsi] isci: validate oem parameters early, and fallback (David Milburn) [651837]\n- [scsi] isci: fix oem parameter header definition (David Milburn) [651837]\n- [scsi] isci: fix fragile/conditional isci_host lookups (David Milburn) [651837]\n- [scsi] isci: cleanup isci_remote_device[_not]_ready interface (David Milburn) [651837]\n- [scsi] isci: Qualify when lock managed for 
STP/SATA callbacks (David Milburn) [651837]\n- [scsi] isci: Fix use of SATA soft reset state machine (David Milburn) [651837]\n- [scsi] isci: Free lock for abort escalation at submit time (David Milburn) [651837]\n- [scsi] isci: Properly handle requests in aborting state (David Milburn) [651837]\n- [scsi] isci: Remove screaming data types (David Milburn) [651837]\n- [scsi] isci: remove unused remote_device_started (David Milburn) [651837]\n- [scsi] isci: namespacecheck cleanups (David Milburn) [651837]\n- [scsi] isci: kill some long macros (David Milburn) [651837]\n- [scsi] isci: reorder init to cleanup unneeded declarations (David Milburn) [651837]\n- [scsi] isci: Remove event_* calls as they are just wrappers (David Milburn) [651837]\n- [scsi] isci: fix apc mode definition (David Milburn) [651837]\n- [scsi] isci: Revert task gating change handled by libsas (David Milburn) [651837]\n- [scsi] isci: reset hardware at init (David Milburn) [651837]\n- [scsi] isci: Revert unneeded error path fixes (David Milburn) [651837]\n- [scsi] isci: misc fixes (David Milburn) [651837]\n- [scsi] isci: add firmware support (David Milburn) [651837]\n- [scsi] isci: lldd support (David Milburn) [651837]\n- [scsi] isci: add core common definitions and utility functions (David Milburn) [651837]\n- [scsi] isci: add core base state machine and memory descriptors (David Milburn) [651837]\n- [scsi] isci: add core unsolicited frame handling and registers (David Milburn) [651837]\n- [scsi] isci: add core request support (David Milburn) [651837]\n- [scsi] isci: add core stp support (David Milburn) [651837]\n- [scsi] isci: add core remote node context support (David Milburn) [651837]\n- [scsi] isci: add core remote device support (David Milburn) [651837]\n- [scsi] isci: add core port support (David Milburn) [651837]\n- [scsi] isci: add core phy support (David Milburn) [651837]\n- [scsi] isci: add core controller support (David Milburn) [651837]\n- [scsi] isci: BZ 651837 Introduce 
pci_map_biosrom() (David Milburn) [651837]\n- [scsi] qla4xxx: update version to V5.02.04.00.05.07-d0 (Chad Dupuis) [660388]\n- [scsi] qla4xxx: set status_srb NULL if sense_len is 0 (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Initialize host fw_ddb_index_map list (Chad Dupuis) [660388]\n- [scsi] qla4xxx: reuse qla4xxx_mailbox_premature_completion (Chad Dupuis) [660388]\n- [scsi] qla4xxx: check for all reset flags (Chad Dupuis) [660388]\n- [scsi] qla4xxx: added new function qla4xxx_relogin_all_devices (Chad Dupuis) [660388]\n- [scsi] qla4xxx: add support for ql4xkeepalive module parameter (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Add support for ql4xmaxqdepth module parameter (Chad Dupuis) [660388]\n- [scsi] qla4xxx: skip core clock so firmware can increase clock (Chad Dupuis) [660388]\n- [scsi] qla4xxx: copy ipv4 opts and address state to host struct (Chad Dupuis) [660388]\n- [scsi] qla4xxx: check AF_FW_RECOVERY flag for 8022 adapter only (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Change hard coded values to macros (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Change hard coded value of Sense buffer (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Remove stale references to ISP3031 and NetXen (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Correct file header for iscsi (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Add scsi_{,un}block_request while reading flash (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Remove unused code from qla4xxx_send_tgts (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Add proper locking around cmd->host_scribble (Chad Dupuis) [660388]\n- [scsi] qla4xxx: use return status DID_TRANSPORT_DISRUPTED (Chad Dupuis) [660388]\n- [scsi] qla4xxx: remove unused functions and struct parameters (Chad Dupuis) [660388]\n- [scsi] qla4xxx: change char string to static char (Chad Dupuis) [660388]\n- [scsi] qla4xxx: change spin_lock to spin_lock_irqsave (Chad Dupuis) [660388]\n- [scsi] qla4xxx: change hard coded value to a macro (Chad Dupuis) [660388]\n- [scsi] qla4xxx: move 
qla4xxx_free_ddb_list and scsi_remove_host (Chad Dupuis) [660388]\n- [scsi] qla4xxx: get status from initialize_adapter (Chad Dupuis) [660388]\n- [scsi] qla4xxx: remove extra pci_disable_device call (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Remove unused argument from function prototype (Chad Dupuis) [660388]\n- [scsi] qla4xxx: call qla4xxx_mark_all_devices_missing (Chad Dupuis) [660388]\n- [scsi] qla4xxx: call scsi_scan_target only if AF_ONLINE set (Chad Dupuis) [660388]\n- [scsi] qla4xxx: call scsi_block_request before clearing AF_ONLINE (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Add timer debug print (Chad Dupuis) [660388]\n- [scsi] qla4xxx: use iscsi class session state check ready (Chad Dupuis) [660388]\n- [scsi] qla4xxx: set device state missing only if non-dead state (Chad Dupuis) [660388]\n- [scsi] libiscsi: fix shutdown (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Change function prototype to static (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Fix panic while loading with corrupted 4032 card (Chad Dupuis) [660388]\n- [scsi] qla4xxx: no other port reinit during remove_adapter (Chad Dupuis) [660388]\n- [scsi] qla4xxx: unblock iscsi session before scsi_scan_target (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Fix for dropping of AENs during init time (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Free allocated memory only once (Chad Dupuis) [660388]\n- [scsi] qla4xxx: ignore existing interrupt during mailbox command (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Check connection active before unblocking session (Chad Dupuis) [660388]\n- [scsi] qla4xxx: Poll for Disable Interrupt Mailbox Completion (Chad Dupuis) [660388]\n- [scsi] qla4xxx: fix request_irq to avoid spurious interrupts (Chad Dupuis) [660388]\n- [net] bridge: make bridge address settings sticky (Amerigo Wang) [705997]\n- [net] bridge: allow changing hardware addr to any valid address (Amerigo Wang) [705997]\n- [xen] hvm: build guest timers on monotonic system time (Paolo Bonzini) [705725]\n- [xen] hvm: explicitly 
use the TSC as the base for the hpet (Paolo Bonzini) [705725]\n- [xen] x86: allow Dom0 to drive PC speaker (Igor Mammedov) [501314]\n- [xen] vtd: Fix resource leaks on error paths in intremap code (Igor Mammedov) [704497]\n[2.6.18-262.el5]\n- [block] cciss: reading a write only register causes a hang (Tomas Henzl) [696153]\n[2.6.18-261.el5]\n- [message] mptfusion: inline data padding support for TAPE drives (Tomas Henzl) [698073]\n- [powerpc] fix VDSO gettimeofday called with NULL struct timeval (Steve Best) [700203]\n- [fs] gfs2: fix resource group bitmap corruption (Robert S Peterson) [690555]\n- [fs] gfs2: Add dlm callback owed glock flag (Robert S Peterson) [703213]\n- [net] cxgb4: fix some backport bugs (Neil Horman) [700947]\n- [scsi] fnic: fix stats memory leak (Mike Christie) [688459]\n- [block]: fix missing bio back/front segment size setting (Milan Broz) [700546]\n- [net] mlx4: Add CX3 PCI IDs (Jay Fenlason) [660671]\n- [pci] SRIOV: release VF BAR resources when device is hot unplug (Don Dutile) [698879]\n- [virtio] virtio_ring: Decrement avail idx on buffer detach (Amit Shah) [699426]\n- [virtio] virtio_pci: fix double-free of pci regions on unplug (Amit Shah) [701918]\n- Revert: [virtio] console: no device_destroy on port device (Amit Shah) [701918]\n- [xen] hvm: provide param to disable HPET in HVM guests (Paolo Bonzini) [702652]\n- [xen] vtd: Free unused interrupt remapping table entry (Don Dugger) [571410]\n[2.6.18-260.el5]\n- [scsi] mpt2sas: prevent heap overflows and unchecked access (Tomas Henzl) [694527] {CVE-2011-1494 CVE-2011-1495}\n- [block] cciss: fix export resettable host attribute fix (Tomas Henzl) [690511]\n- [fs] gfs2: Tag all metadata with jid of last node to change it (Steven Whitehouse) [701577]\n- [fs] nfsd: permit unauthenticated stat of export root (Steve Dickson) [491740]\n- [net] myri10ge: add dynamic LRO disabling (Stanislaw Gruszka) [688897]\n- [wireless] ath5k: disable ASPM L0s for all cards (Stanislaw Gruszka) [666866]\n- 
[net] igb: work-around for 82576 EEPROMs reporting invalid size (Stefan Assmann) [693934]\n- [pci] aerdrv: use correct bits and add delay to aer_root_reset (Stefan Assmann) [700386]\n- [fs] jbd: fix write_metadata_buffer and get_write_access race (Eric Sandeen) [494927 696843]\n- [x86_64] Disable Advanced RAS/MCE on newer Intel processors (Prarit Bhargava) [697508]\n- [x86_64] vdso: fix gettimeofday segfault when tv == NULL (Prarit Bhargava) [700782]\n- [x86_64] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [692921]\n- [i386] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [692921]\n- [scsi] iscsi_tcp: fix iscsis sk_user_data access (Mike Christie) [677703]\n- [edac] i7core_edac: return -ENODEV if no MC is found (Mauro Carvalho Chehab) [658418]\n- [char] vcs: hook sysfs devices to object lifetime (Mauro Carvalho Chehab) [622542]\n- [char] vt_ioctl: fix VT ioctl race (Mauro Carvalho Chehab) [622542]\n- [fs] avoid vmalloc space error opening many files on x86 (Larry Woodman) [681586]\n- [fs] nfs: Tighten up the attribute update code (Jeff Layton) [672981]\n- [net] bna: Avoid kernel panic in case of FW heartbeat failure (Ivan Vecera) [700488]\n- [net] benet: increment work_counter in be_worker (Ivan Vecera) [695197]\n- [net] benet: be_poll_tx_mcc_compat should always return zero (Ivan Vecera) [690755]\n- [net] benet: Fix be_get_stats_count return value (Ivan Vecera) [690755]\n- [net] tcp: Fix tcp_prequeue to get correct rto_min value (Herbert Xu) [696411]\n- [net] bonding: unshare skbs prior to calling pskb_may_pull (Andy Gospodarek) [607114]\n- [misc] x86: Sync CPU feature flag additions from Xen (Frank Arnold) [687994]\n- [misc] mark various drivers/features as tech preview (Don Zickus) [701722]\n- [hwmon] i5k_amb: Fix compile warning (Dean Nelson) [603345]\n- [hwmon] i5k_amb: Load automatically on all 5000/5400 chipsets (Dean Nelson) [603345]\n- [hwmon] i5k_amb: provide labels for temperature sensors (Dean Nelson) [603345]\n- [hwmod] 
i5k_amb: support Intel 5400 chipset (Dean Nelson) [603345]\n- [net] bridge/netfilter: fix ebtables information leak (Don Howard) [681326] {CVE-2011-1080}\n- [net] bluetooth: fix sco information leak to userspace (Don Howard) [681311] {CVE-2011-1078}\n- [fs] gfs2: make sure fallocate bytes is a multiple of blksize (Benjamin Marzinski) [699741]\n- [fs] fix corrupted GUID partition table kernel oops (Jerome Marchand) [695980] {CVE-2011-1577}\n- [xen] x86: Enable K8 NOPS for future AMD CPU Families (Frank Arnold) [687994]\n- [xen] x86: Blacklist new AMD CPUID bits for PV domains (Frank Arnold) [687994]\n- [xen] x86: Handle new AMD CPUID bits for HVM guests (Frank Arnold) [687994]\n- [xen] x86: Update AMD CPU feature flags (Frank Arnold) [687994]\n- [xen] x86/domain: fix error checks in arch_set_info_guest (Laszlo Ersek) [688582] {CVE-2011-1166}\n[2.6.18-259.el5]\n- [net] bridge: fix initial packet flood if !STP (Jiri Pirko) [695369]\n- [edac] amd64_edac: Fix potential memleak (Mauro Carvalho Chehab) [610235]\n- [edac] amd64_edac, amd64_mce: Revert printk changes (Mauro Carvalho Chehab) [610235]\n- [x86] amd: Fix init_amd build warnings (Frank Arnold) [610235]\n- [edac] amd64_edac: Enable PCI dev detection on F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix decode_syndrome types (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix DCT argument type (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix ranges signedness (Frank Arnold) [610235]\n- [edac] amd64_edac: Drop local variable (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix PCI config addressing types (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix DRAM base macros (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix node id signedness (Frank Arnold) [610235]\n- [edac] amd64_edac: Enable driver on F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Adjust ECC symbol size to F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Improve DRAM address mapping (Frank Arnold) [610235]\n- [edac] amd64_edac: Sanitize 
->read_dram_ctl_register (Frank Arnold) [610235]\n- [edac] amd64_edac: fix up chip select conversion routine to F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Beef up early exit reporting (Frank Arnold) [610235]\n- [edac] amd64_edac: Revamp online spare handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix channel interleave removal (Frank Arnold) [610235]\n- [edac] amd64_edac: Correct node interleaving removal (Frank Arnold) [610235]\n- [edac] amd64_edac: Add support for interleaved region swapping (Frank Arnold) [610235]\n- [edac] amd64_edac: Unify get_error_address (Frank Arnold) [610235]\n- [edac] amd64_edac: Simplify decoding path (Frank Arnold) [610235]\n- [edac] amd64_edac: Adjust channel counting to F15h (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup old defines cruft (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup NBSH cruft (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup NBCFG handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup NBCTL code (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup DCT Select Low/High code (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup Dram Configuration registers handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup DBAM handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Replace huge bitmasks with a macro (Frank Arnold) [610235]\n- [edac] amd64_edac: Sanitize f10_get_base_addr_offset (Frank Arnold) [610235]\n- [edac] amd64_edac: Sanitize channel extraction (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup chipselect handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup DHAR handling (Frank Arnold) [610235]\n- [edac] amd64_edac: Remove DRAM base/limit subfields caching (Frank Arnold) [610235]\n- [edac] amd64_edac: Add support for F15h DCT PCI config accesses (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix DIMMs per DCTs output (Frank Arnold) [610235]\n- [edac] amd64_edac: Remove two-stage initialization (Frank Arnold) [610235]\n- [edac] amd64_edac: Check 
ECC capabilities initially (Frank Arnold) [610235]\n- [edac] amd64_edac: Carve out ECC-related hw settings (Frank Arnold) [610235]\n- [edac] amd64_edac: Allocate driver instances dynamically (Frank Arnold) [610235]\n- [edac] amd64_edac: Rework printk macros (Frank Arnold) [610235]\n- [edac] amd64_edac: Rename CPU PCI devices (Frank Arnold) [610235]\n- [edac] amd64_edac: Concentrate per-family init even more (Frank Arnold) [610235]\n- [edac] amd64_edac: Cleanup the CPU PCI device reservation (Frank Arnold) [610235]\n- [edac] amd64_edac: Add per-family init function (Frank Arnold) [610235]\n- [edac] amd64_edac: Remove F11h support (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix interleaving check (Frank Arnold) [610235]\n- [edac] amd64_edac: Fix DCT base address selector (Frank Arnold) [610235]\n- [edac] amd64_edac: Sanitize syndrome extraction (Frank Arnold) [610235]\n- [edac] amd64_edac: fix forcing module load/unload (Frank Arnold) [610235]\n- [edac] amd64_edac: add memory types strings for debugging (Frank Arnold) [610235]\n- [edac] amd64_edac: remove unneeded extract_error_address wrapper (Frank Arnold) [610235]\n- [edac] amd64_edac: rename StinkyIdentifier (Frank Arnold) [610235]\n- [edac] amd64_edac: remove superfluous dbg printk (Frank Arnold) [610235]\n- [edac] amd64_edac: cleanup f10_early_channel_count (Frank Arnold) [610235]\n- [edac] amd64_edac: dump DIMM sizes on K8 too (Frank Arnold) [610235]\n- [edac] amd64_edac: cleanup rest of amd64_dump_misc_regs (Frank Arnold) [610235]\n- [edac] amd64_edac: cleanup DRAM cfg low debug output (Frank Arnold) [610235]\n- [edac] amd64_edac: wrap-up pci config read error handling (Frank Arnold) [610235]\n- [edac] amd64_edac: make DRAM regions output more human-readable (Frank Arnold) [610235]\n- [edac] amd64_edac: clarify DRAM CTL debug reporting (Frank Arnold) [610235]\n- [edac] mce_amd: Fix NB error formatting (Frank Arnold) [659693]\n- [edac] mce_amd: Use BIT_64() to eliminate warnings on 32-bit (Frank Arnold) 
[659693]\n- [edac] mce_amd: Enable MCE decoding on F15h (Frank Arnold) [659693]\n- [edac] mce_amd: Shorten error report formatting (Frank Arnold) [659693]\n- [edac] mce_amd: Overhaul error fields extraction macros (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15h FP MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15 EX MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add an F15h NB MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: No F15h LS MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15h CU MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15h IC MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F15h DC MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Select extended error code mask (Frank Arnold) [659693]\n- [edac] mce_amd: Fix shift warning on 32-bit (Frank Arnold) [659693]\n- [edac] mce_amd: Add a BIT_64() macro (Frank Arnold) [659693]\n- [edac] mce_amd: Enable MCE decoding on F12h (Frank Arnold) [659693]\n- [edac] mce_amd: Add F12h NB MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F12h IC MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add F12h DC MCE decoder (Frank Arnold) [659693]\n- [edac] mce_amd: Add support for F11h MCEs (Frank Arnold) [659693]\n- [edac] mce_amd: Enable MCE decoding on F14h (Frank Arnold) [659693]\n- [edac] mce_amd: Fix FR MCEs decoding (Frank Arnold) [659693]\n- [edac] mce_amd: Complete NB MCE decoders (Frank Arnold) [659693]\n- [edac] mce_amd: Warn about LS MCEs on F14h (Frank Arnold) [659693]\n- [edac] mce_amd: Adjust IC decoders to F14h (Frank Arnold) [659693]\n- [edac] mce_amd: Adjust DC decoders to F14h (Frank Arnold) [659693]\n- [edac] mce_amd: Rename files (Frank Arnold) [659693]\n- [edac] mce_amd: Pass complete MCE info to decoders (Frank Arnold) [659693]\n- [edac] mce_amd: Sanitize error codes (Frank Arnold) [659693]\n- [edac] mce_amd: Remove unused function parameter (Frank Arnold) [659693]\n- [edac] mce_amd: Do not report error overflow as a 
separate error (Frank Arnold) [659693]\n- [edac] mce_amd: Limit MCE decoding to current families for now (Frank Arnold) [659693]\n- [edac] mce_amd: Fix wrong mask and macro usage (Frank Arnold) [659693]\n- [edac] mce_amd: Filter out invalid values (Frank Arnold) [659693]\n- [edac] mce_amd: silence GART TLB errors (Frank Arnold) [659693]\n- [edac] mce_amd: correct corenum reporting (Frank Arnold) [659693]\n- [edac] mce_amd: update AMD F10h revD check (Frank Arnold) [659693]\n- [edac] mce_amd: Use an atomic notifier for MCEs decoding (Frank Arnold) [659693]\n- [edac] mce_amd: carve out AMD MCE decoding logic (Frank Arnold) [659693]\n- [edac] mce_amd: Fix MCE decoding callback logic (Frank Arnold) [659693]\n[2.6.18-258.el5]\n- [block] cciss: fix lost command problem (Tomas Henzl) [696153]\n- [block] cciss: export resettable host attribute (Tomas Henzl) [690511]\n- [powerpc] mm/numa: Disable VPNH feature on pseries (Steve Best) [696328]\n- [wireless] iwlagn: re-enable MSI on resume (Prarit Bhargava) [694672]\n- [fs] cifs: clean up various nits in unicode routines (Jeff Layton) [659715]\n- [fs] cifs: fix unaligned accesses in cifsConvertToUCS (Jeff Layton) [659715]\n- [fs] cifs: clean up unaligned accesses in cifs_unicode.c (Jeff Layton) [659715]\n- [fs] cifs: fix unaligned access in check2ndT2 and coalesce_t2 (Jeff Layton) [659715]\n- [fs] cifs: clean up unaligned accesses in validate_t2 (Jeff Layton) [659715]\n- [fs] cifs: use get/put_unaligned functions to access ByteCount (Jeff Layton) [659715]\n- [net] bridge: fix build warning in br_device (Jarod Wilson) [556811]\n- [scsi] arcmsr: fix broken CONFIG_XEN conditional (Jarod Wilson) [635992]\n- [net] cxgb4: clean up dma_mapping_error usage (Jarod Wilson) [567446]\n- [fs] dcache: Close a race-opportunity in d_splice_alias (David Howells) [646359]\n- [md] dm-crypt: support more encryption modes (Milan Broz) [660368]\n- [crypto] add XTS blockcipher mode support (Danny Feng) [553411]\n- [s390] dasd: fix race between open 
and offline (Hendrik Brueckner) [695357]\n- [net] netxen: limit skb frags for non tso packet (Chad Dupuis) [672368]\n- [net] qlcnic: limit skb frags for non tso packet (Bob Picco) [695490]\n[2.6.18-257.el5]\n- [char] ipmi: dont poll non-existant IPMI Event Message Buffer (Tony Camuso) [578913]\n- [char] ipmi: fix platform return check (Tony Camuso) [578913]\n- [fs] gfs: Never try to deallocate an inode on a read-only mount (Steven Whitehouse) [689943]\n- [infiniband] cxgb4: Initial import of driver to RHEL5 (Steve Best) [567449]\n- [net] cxgb4: Initial import of driver to RHEL5 (Neil Horman) [567446]\n- [net] bond: fix link up after restart (Neil Horman) [659558]\n- [infiniband] cxgb3: Dont free skbs on NET_XMIT_* from LLD (Neil Horman) [516956]\n- [infiniband] cxgb3: Wait 1+ schedule cycle during device removal (Neil Horman) [516956]\n- [infiniband] cxgb3: Mark device with CXIO_ERROR_FATAL on remove (Neil Horman) [516956]\n- [infiniband] cxgb3: Dont allocate the SW queue for user mode CQs (Neil Horman) [516956]\n- [infiniband] cxgb3: Increase the max CQ depth (Neil Horman) [516956]\n- [infiniband] cxgb3: Doorbell overflow avoidance and recovery (Neil Horman) [516956]\n- [infiniband] cxgb3: Remove BUG_ON() on CQ rearm failure (Neil Horman) [516956]\n- [infiniband] cxgb3: Fix error paths in post_send and post_recv (Neil Horman) [516956]\n- [infiniband] cxgb3: Handle NULL inetdev ptr in iwch_query_port (Neil Horman) [516956]\n- [infiniband] cxgb3: Clean up properly on FW mismatch failures (Neil Horman) [516956]\n- [infiniband] cxgb3: Dont ignore insert_handle() failures (Neil Horman) [516956]\n- [infiniband] cxgb3: Wake up any waiters on peer close/abort (Neil Horman) [516956]\n- [infiniband] cxgb3: Dont free endpoints early (Neil Horman) [516956]\n- [net] cxgb3: Handle port events properly (Mike Christie) [516956]\n- [fs] cifs: prevent infinite recursion in cifs_reconnect_tcon (Jeff Layton) [667454]\n- [fs] cifs: consolidate reconnect logic in smb_init routines 
(Jeff Layton) [667454]\n- [fs] dcache: allow __d_obtain_alias to return unhashed dentries (J. Bruce Fields) [613736]\n[2.6.18-256.el5]\n- [scsi] mpt2sas: fix _scsih_is_raid test in _scsih_qcmd (Tomas Henzl) [683806]\n- [scsi] megaraid_sas: add a reset_devices condition (Tomas Henzl) [692099]\n- [net] add socket API recvmmsg, receive multiple messages (Thomas Graf) [582653]\n- [scsi] device_handler: fix ref counting in error path (Mike Snitzer) [645343]\n- [scsi] device_handler: propagate SCSI device deletion (Mike Snitzer) [645343]\n- [net] 8021q: fix VLAN RX stats counting (Stefan Assmann) [579858]\n- [x86_64] vdso: Fix typo in vclock_gettime code (Prarit Bhargava) [691735]\n- [firmware] dmi_scan: Display system information in dmesg (Prarit Bhargava) [692860]\n- [fs] debugfs: Implement debugfs_remove_recursive (Neil Horman) [692946]\n- [redhat] configs: enable building CXGB4_ISCSI (Mike Christie) [567452]\n- [scsi] cxgbi: get rid of gl_skb in cxgbi_ddp_info (Mike Christie) [567452]\n- [scsi] cxgbi: set ulpmode only if digest is on (Mike Christie) [567452]\n- [scsi] cxgb4i: ignore informational act-open-rpl message (Mike Christie) [567452]\n- [scsi] cxgb4i: connection and ddp setting update (Mike Christie) [567452]\n- [scsi] cxgb3i: fixed connection over vlan (Mike Christie) [567452]\n- [scsi] libcxgbi: pdu read fixes (Mike Christie) [567452]\n- [scsi] cxgbi: rename alloc_cpl to alloc_wr (Mike Christie) [567452]\n- [scsi] cxgb3i: change cxgb3i to use libcxgbi (Mike Christie) [567452]\n- [scsi] cxgbi: add cxgb4i iscsi driver (Mike Christie) [567452]\n- [net] bonding: re-read speed and duplex when interface goes up (Andy Gospodarek) [677902]\n- [net] ipv4/tcp_timer: honor sysctl tcp_syn_retries (Flavio Leitner) [688989]\n- [usb] fix usbfs isochronous data transfer regression (Don Zickus) [688926]\n- [fs] partitions: Fix corrupted OSF partition table parsing (Danny Feng) [688023]\n- [misc] add param to change default coredump_filter setup (Dave Anderson) [488840]\n- 
Revert: [md] dm-crypt: support more encryption modes (Jarod Wilson) [660368]\n- [xen] allow delivery of timer interrupts to VCPU != 0 (Paolo Bonzini) [418501]\n- [xen] x86/hvm: Enable delivering 8259 interrupts to VCPUs != 0 (Paolo Bonzini) [418501]\n- [xen] get rid of the vcpu state in HPET (Paolo Bonzini) [418501]\n- [xen] add accessors for arch/x86/hvm/hpet.c (Paolo Bonzini) [418501]\n[2.6.18-255.el5]\n- [net] htb: Make HTB scheduler work with TSO (Thomas Graf) [481546]\n- [fs] cifs: map NT_STATUS_ERROR_WRITE_PROTECTED to -EROFS (Jeff Layton) [516102]\n- [pci] Ensure devices are resumed on system resume (Matthew Garrett) [644440]\n- [fs] ext2, ext3: copy i_flags to inode flags on write (Eric Sandeen) [431738]\n- [fs] gfs2: fix filesystem hang caused by incorrect lock order (Robert S Peterson) [656032]\n- [fs] gfs2: restructure reclaiming of unlinked dinodes (Robert S Peterson) [656032]\n- [fs] gfs2: unlock on gfs2_trans_begin error (Robert S Peterson) [656032]\n- [pci] Add HP BL620c G7 to pci=bfsort whitelist (Prarit Bhargava) [680946]\n- [pci] msi: simplify the msi irq limit policy (Prarit Bhargava) [652799]\n- [scsi] scsi_dh: allow scsi_dh_detach to detach when attached (Mike Christie) [666304]\n- [net] bonding: fix test for presence of VLANs (Jiri Pirko) [654878]\n- [net] 8021q: VLAN 0 should be treated as no vlan tag (Jiri Pirko) [654878]\n- [kernel] module: add sysctl to block module loading (Jerome Marchand) [645221]\n- [fs] nfs: Make close(2) async when closing O_DIRECT files (Jeff Layton) [626977]\n- [fs] nfs: Optimise NFS close() (Jeff Layton) [626977]\n- [fs] nfs: Fix nfsv4 atomic open for execute... 
(Jeff Layton) [626977]\n- [misc] pm: add comment explaining is_registered kabi work-around (Don Zickus) [637930]\n- [misc] sunrpc: only call get_seconds once in sunrpc_invalidate (David Howells) [589512]\n[2.6.18-254.el5]\n- [scsi] mpt2sas: Added customer specific display support (Tomas Henzl) [684842]\n- [scsi] mpt2sas: Add support for WarpDrive SSS-6200 (Tomas Henzl) [683806]\n- [scsi] megaraid: update driver to v5.34 (Tomas Henzl) [660728]\n- [scsi] arcmsr: driver update for RHEL5.7 (Tomas Henzl) [635992]\n- [scsi] scsi_dh_alua: add scalable ONTAP lun to dev list (Mike Snitzer) [667660]\n- [pci] Enable pci=bfsort by default on future Dell systems (Shyam Iyer) [689047]\n- [net] enic: update driver to 2.1.1.9 (Stefan Assmann) [661306]\n- [scsi] bfa: rebase for RHEL5.7 to current scsi-misc version (Rob Evers) [660545]\n- [pci] Enable PCI bus rescan for PPC64 only (Prarit Bhargava) [683461]\n- [net] enable VLAN SG on additional drivers (Paolo Bonzini) [668934]\n- [net] add ethtool -k sg off support for vlans (Paolo Bonzini) [668934]\n- [net] explicitly enable VLAN SG when already in use (Paolo Bonzini) [668934]\n- [net] enable SG on vlan devices if supported on the NIC (Paolo Bonzini) [668934]\n- [net] fix NETIF_F_GSO_MASK to exclude VLAN features (Paolo Bonzini) [668934]\n- [ata] ata_piix: honor ide=disable (Paolo Bonzini) [460821]\n- [scsi] be2iscsi: update driver version string (Mike Christie) [691899]\n- [scsi] be2iscsi: fix null ptr when accessing task hdr (Mike Christie) [660392]\n- [scsi] be2iscsi: fix gfp use in alloc_pdu (Mike Christie) [660392]\n- [scsi] be2iscsi: allow more time for FW to respond (Mike Christie) [660392]\n- [net] ixgbe: restore erratum 45 fix and whitespace (Andy Gospodarek) [568312 568557 570366 571254 651467 653236 653359 653469 655022]\n- [usb] ehci: AMD periodic frame list table quirk (Don Zickus) [651333]\n- [scsi] qla2xxx: Upgrade 24xx and 25xx firmware to 5.03.16 (Chad Dupuis) [682305]\n- [fs] nfsd: fix auth_domain reference leak 
on nlm operations (J. Bruce Fields) [589512]\n- [net] sunrpc: ensure cache_check caller sees updated entry (J. Bruce Fields) [589512]\n- [net] sunrpc: take lock on turning entry NEGATIVE in cache_check (J. Bruce Fields) [589512]\n- [net] sunrpc: move cache validity check into helper function (J. Bruce Fields) [589512]\n- [net] sunrpc: modifying valid sunrpc cache entries is racy (J. Bruce Fields) [589512]\n- [fs] nfs: extract some common sunrpc_cache code from nfsd (J. Bruce Fields) [589512]\n- [pci] return correct value when writing to reset attribute (Alex Williamson) [689860]\n- [pci] expose function reset capability in sysfs (Alex Williamson) [689860]\n[2.6.18-253.el5]\n- [media] sn9c102: fix world-wirtable sysfs files (Don Howard) [679305]\n- [scsi] scsi_dh_rdac: Add two new IBM devices to rdac_dev_list (Rob Evers) [691460]\n- [misc] support for marking code as tech preview (Don Zickus) [645431]\n- [misc] taint: Add taint padding (Don Zickus) [645431]\n- [scsi] lpfc: Update version for 8.2.0.96 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.95 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Fix rrq cleanup for vport delete (Rob Evers) [660396]\n- [scsi] lpfc: dont ignore lpfc_suppress_link_up on SLI-4 (Rob Evers) [660396]\n- [scsi] lpfc: LOGO completion must invalidate both RPI and D_ID (Rob Evers) [660396]\n- [scsi] lpfc: adds a comment (Rob Evers) [660396]\n- [scsi] lpfc: Do not take lock when clearing rrq active (Rob Evers) [660396]\n- [scsi] lpfc: Fix non-empty nodelist after sli3 driver remove (Rob Evers) [660396]\n- [scsi] lpfc: Save IRQ level when taking host_lock in findnode_did (Rob Evers) [660396]\n- [scsi] lpfc: Fixed hang in lpfc_get_scsi_buf_s4 (Rob Evers) [660396]\n- [scsi] lpfc: Fix xri lookup for received rrq (Rob Evers) [660396]\n- [scsi] lpfc: Fix setting of RRQ active for target aborted IOs (Rob Evers) [660396]\n- [scsi] lpfc: Modified lpfc_delay_discovery implementation (Rob Evers) [660396]\n- [scsi] lpfc: 
Fix bug with fc_vport symbolic_name not being generated (Rob Evers) [660396]\n- [scsi] lpfc: Update lpfc for 8.2.0.94 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Fixed fdisc sent with invalid VPI (Rob Evers) [660396]\n- [scsi] lpfc: warn if the link_speed is not supported by this adapter (Rob Evers) [660396]\n- [scsi] lpfc: Fixed UE error on UCNA BE2 hba during reboot (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.93 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Added support for clean address bit (Rob Evers) [660396]\n- [scsi] lpfc: Fixed XRI reuse issue (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.92 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Unreg login when PLOGI received from logged in port (Rob Evers) [660396]\n- [scsi] lpfc: Fixed crashes for NULL vport dereference (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.91 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Fix for kmalloc failures in lpfc_workq_post_event (Rob Evers) [660396]\n- [scsi] lpfc: Adjust lengths for sli4_config mailbox commands (Rob Evers) [660396]\n- [scsi] lpfc: set parity and serr bits on after performing sli4 reset (Rob Evers) [660396]\n- [scsi] lpfc: VPI for ALL ELS commands and alloc RPIs at node creation (Rob Evers) [660396]\n- [scsi] lpfc: Correct bit-definitions in SLI4 data structures (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.90 driver release (Rob Evers) [660396]\n- [scsi] lpfc: new SLI4 initialization procedures based on if_type (Rob Evers) [660396]\n- [scsi] lpfc: Implement FC and SLI async event handlers (Rob Evers) [660396]\n- [scsi] lpfc: Fix management command context setting (Rob Evers) [660396]\n- [scsi] lpfc: Fix panic in __lpfc_sli_get_sglq (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.89 driver release (Rob Evers) [660396]\n- [scsi] lpfc: Fix compiler warning (Rob Evers) [660396]\n- [scsi] lpfc: Added support for ELS RRQ command (Rob Evers) [660396]\n- [scsi] 
lpfc: Init VFI and VPI for physical port (Rob Evers) [660396]\n- [scsi] lpfc: Update version for 8.2.0.88 driver release (Rob Evers) [660396]\n- [scsi] lpfc: add READ_TOPOLOGY mailbox command and new speed definition (Rob Evers) [660396]\n- [scsi] lpfc: Modified return status of unsupport ELS commands (Rob Evers) [660396]\n- [scsi] lpfc: Implement doorbell register changes for new hardware (Rob Evers) [660396]\n- [scsi] lpfc: Implement new SLI 4 SLI_INTF register definitions (Rob Evers) [660396]\n- [scsi] lpfc: Add PCI ID definitions for new hardware support (Rob Evers) [660396]\n- [scsi] lpfc: Add new SLI4 WQE support (Rob Evers) [660396]\n- [net] myri10ge: update to 1.5.2 (Stanislaw Gruszka) [481629]\n- [pci] make pcie_get_readrq visible in pci.h (Stanislaw Gruszka) [481629]\n- [net] igb: AER fix recover from PCIe Uncorrectable Error (Stefan Assmann) [568211]\n- [net] igb: driver update for RHEL5.7 (Stefan Assmann) [653238]\n- [fs] quota: do not allow setting quota limits too high (Eric Sandeen) [594609]\n- [fs] block: fix submit_bh discarding barrier flag on sync write (Lukas Czerner) [667673]\n- [net] netfilter/ipt_CLUSTERIP: fix buffer overflow (Jiri Pirko) [689340]\n- [net] netfilter: ip6_tables: fix infoleak to userspace (Jiri Pirko) [689349] {CVE-2011-1172}\n- [net] netfilter/ip_tables: fix infoleak to userspace (Jiri Pirko) [689332] {CVE-2011-1171}\n- [net] netfilter/arp_tables: fix infoleak to userspace (Jiri Pirko) [689323] {CVE-2011-1170}\n- [sound] alsa: hda driver update for RHEL5.7 (Jaroslav Kysela) [688539]\n- [sound] alsa: add snd-aloop driver (Jaroslav Kysela) [647094]\n- [mmc] sdhci: Add support for O2Micro Card Reader (John Feeney) [659318]\n- [base] Fix potential deadlock in driver core (Don Zickus) [637930]\n- Revert: [crypto] add XTS blockcipher mode support (Jarod Wilson) [553411]\n[2.6.18-252.el5]\n- [scsi] add new Dell Powervault controllers to RDAC device list (Shyam Iyer) [688981]\n- [ata] ahci: AHCI mode for Intel Patsburg SATA RAID 
controller (David Milburn) [684361]\n- [md] dm-crypt: support more encryption modes (Milan Broz) [660368]\n- [crypto] add XTS blockcipher mode support (Danny Feng) [553411]\n- [virt] hypervisor: Overflow fix for clocks > 4GHz (Zachary Amsden) [673242]\n- [net] tg3: Restrict phy ioctl access (John Feeney) [660397]\n- [net] tg3: Update version to 3.116 (John Feeney) [660397]\n- [net] tg3: Minor EEE code tweaks (John Feeney) [660397]\n- [net] tg3: Relax EEE thresholds (John Feeney) [660397]\n- [net] tg3: Fix 57765 EEE support (John Feeney) [660397]\n- [net] tg3: Move EEE definitions into mdio.h (John Feeney) [660397]\n- [net] tg3: Enable phy APD for 5717 and later asic revs (John Feeney) [660397]\n- [net] tg3: use dma_alloc_coherent() instead of pci_alloc_consistent() (John Feeney) [660397]\n- [net] tg3: Reenable TSS for 5719 (John Feeney) [660397]\n- [net] tg3: Enable mult rd DMA engine on 5719 (John Feeney) [660397]\n- [net] tg3: Always turn on APE features in mac_mode reg (John Feeney) [660397]\n- [net] tg3: Dont check for vlan group before vlan_tx_tag_present (John Feeney) [660397]\n- [net] tg3: Update version to 3.115 (John Feeney) [660397]\n- [net] tg3: Report invalid link from tg3_get_settings() (John Feeney) [660397]\n- [net] tg3: Dont allocate jumbo ring for 5780 class devs (John Feeney) [660397]\n- [net] tg3: Cleanup tg3_alloc_rx_skb() (John Feeney) [660397]\n- [net] tg3: Add EEE support (John Feeney) [660397]\n- [net] tg3: Add clause 45 register accessor methods (John Feeney) [660397]\n- [net] tg3: Disable unused transmit rings (John Feeney) [660397]\n- [net] tg3: Add support for selfboot format 1 v6 (John Feeney) [660397]\n- [net] tg3: Update version to 3.114 (John Feeney) [660397]\n- [net] tg3: Add extend rx ring sizes for 5717 and 5719 (John Feeney) [660397]\n- [net] tg3: Prepare for larger rx ring sizes (John Feeney) [660397]\n- [net] tg3: Futureproof the loopback test (John Feeney) [660397]\n- [net] tg3: Cleanup missing VPD partno section (John Feeney) 
[660397]\n- [net] tg3: Remove 5724 device ID (John Feeney) [660397]\n- [net] tg3: return operator cleanup (John Feeney) [660397]\n- [net] tg3: phy tmp variable roundup (John Feeney) [660397]\n- [net] tg3: Dynamically allocate VPD data memory (John Feeney) [660397]\n- [net] tg3: Use skb_is_gso_v6() (John Feeney) [660397]\n- [net] tg3: Move producer ring struct to tg3_napi (John Feeney) [660397]\n- [net] tg3: Clarify semantics of TG3_IRQ_MAX_VECS (John Feeney) [660397]\n- [net] tg3: Disable TSS (John Feeney) [660397]\n- [net] tg3: Update version to 3.113 (John Feeney) [660397]\n- [net] tg3: Migrate tg3_flags to phy_flags (John Feeney) [660397]\n- [net] tg3: Create phy_flags and migrate phy_is_low_power (John Feeney) [660397]\n- [net] tg3: Add phy-related preprocessor constants (John Feeney) [660397]\n- [net] tg3: Add error reporting to tg3_phydsp_write() (John Feeney) [660397]\n- [net] tg3: Improve small packet performance (John Feeney) [660397]\n- [net] tg3: Remove 5720, 5750, and 5750M (John Feeney) [660397]\n- [net] tg3: Restrict ASPM workaround devlist (John Feeney) [660397]\n- [net] tg3: Manage gphy power for CPMU-less devs only (John Feeney) [660397]\n- [net] tg3: Disable TSS also during tg3_close() (John Feeney) [660397]\n- [net] tg3: Add 5784 ASIC rev to earlier PCIe MPS fix (John Feeney) [660397]\n- [net] tg3: Update version to 3.112 (John Feeney) [660397]\n- [net] tg3: Fix some checkpatch errors (John Feeney) [660397]\n- [net] tg3: Revert PCIe tx glitch fix (John Feeney) [660397]\n- [net] tg3: Report driver version to firmware (John Feeney) [660397]\n- [net] tg3: Relax 5717 serdes restriction (John Feeney) [660397]\n- [net] tg3: Fix single MSI-X vector coalescing (John Feeney) [660397]\n- [net] tg3: Update version to 3.111 (John Feeney) [660397]\n- [net] tg3: Allow 5717 serdes link via parallel detect (John Feeney) [660397]\n- [net] tg3: Allow single MSI-X vector allocations (John Feeney) [660397]\n- [net] tg3: Update version to 3.110 (John Feeney) 
[660397]\n- [net] tg3: Remove function errors flagged by checkpatch (John Feeney) [660397]\n- [net] tg3: Unify max pkt size preprocessor constants (John Feeney) [660397]\n- [net] tg3: Re-inline VLAN tags when appropriate (John Feeney) [660397]\n- [net] tg3: Optimize rx double copy test (John Feeney) [660397]\n- [net] tg3: Update version to 3.109 (John Feeney) [660397]\n- [net] tg3: Remove tg3_dump_state() (John Feeney) [660397]\n- [net] tg3: Cleanup if codestyle (John Feeney) [660397]\n- [net] tg3: The case of switches (John Feeney) [660397]\n- [net] tg3: Whitespace, constant, and comment updates (John Feeney) [660397]\n- [net] tg3: Use VPD fw version when present (John Feeney) [660397]\n- [net] tg3: Prepare FW version code for VPD versioning (John Feeney) [660397]\n- [net] tg3: Fix message 80 char violations (John Feeney) [660397]\n- [net] tg3: netdev_err() => dev_err() (John Feeney) [660397]\n- [net] tg3: Replace pr_err with sensible alternatives (John Feeney) [660397]\n- [net] tg3: change field used with TG3_FLAG_10_100_ONLY constant (John Feeney) [660397]\n- [net] tg3: Remove now useless VPD code (John Feeney) [660397]\n- [net] tg3: use helper to search for VPD keywords (John Feeney) [660397]\n- [net] tg3: use VPD information field helper functions (John Feeney) [660397]\n- [net] tg3: use helper to find VPD resource data type (John Feeney) [660397]\n- [net] tg3: Add large and small resource data type code (John Feeney) [660397]\n- [net] tg3: Add PCI LRDT tag size and section size (John Feeney) [660397]\n- [net] tg3: convert to use netdev_for_each_mc_addr, part6 (John Feeney) [660397]\nmacro helpers (John Feeney) [660397]\n- [net] bna: Include embedded firmware for RHEL5 (Ivan Vecera) [475690]\n- [net] bna: use device model DMA API (Ivan Vecera) [475690]\n- [net] bna: Remove unnecessary memset 0 (Ivan Vecera) [475690]\n- [net] bna: Update the driver version to 2.3.2.3 (Ivan Vecera) [475690]\n- [net] bna: IOC failure auto recovery fix (Ivan Vecera) [475690]\n- 
[net] bna: Restore VLAN filter table (Ivan Vecera) [475690]\n- [net] bna: Removed unused code (Ivan Vecera) [475690]\n- [net] bna: IOC uninit check and misc cleanup (Ivan Vecera) [475690]\n- [net] bna: Fix for TX queue (Ivan Vecera) [475690]\n- [net] bna: Enable pure priority tagged packet reception and rxf uninit cleanup fix (Ivan Vecera) [475690]\n- [net] bna: Fix ethtool register dump and reordered an API (Ivan Vecera) [475690]\n- [net] bna: Port enable disable sync and txq priority fix (Ivan Vecera) [475690]\n- [net] bna: TxRx and datapath fix (Ivan Vecera) [475690]\n- [net] bna: scope and dead code cleanup (Ivan Vecera) [475690]\n- [net] bna: fix interrupt handling (Ivan Vecera) [475690]\n- [net] bna: off by one (Ivan Vecera) [475690]\n- [net] bna: Check for NULL before deref in bnad_cb_tx_cleanup (Ivan Vecera) [475690]\n- [net] bna: fix lock imbalance (Ivan Vecera) [475690]\n- [net] bna: fix stats handling (Ivan Vecera) [475690]\n- [net] bna: Fixed build break for allyesconfig (Ivan Vecera) [475690]\n- [net] bna: Brocade 10Gb Ethernet device driver (Ivan Vecera) [475690]\n- [s390] tape: deadlock on global work queue (Hendrik Brueckner) [681329]\n- [s390] qeth: remove needless IPA-commands in offline (Hendrik Brueckner) [679120]\n- [s390] qeth: allow channel path changes in recovery (Hendrik Brueckner) [678073]\n- [s390] qeth: wrong MAC-address displayed in error message (Hendrik Brueckner) [675747]\n- [s390] dasd: Improve handling of stolen DASD reservation (Hendrik Brueckner) [651141]\n- [s390] dasd: provide a Sense Path Group ID ioctl (Hendrik Brueckner) [651135]\n- [s390] qeth: tolerate OLM-limitation (Hendrik Brueckner) [651161]\n- [s390] sclp_vt220: console message may cause deadlock (Hendrik Brueckner) [675751]\n- [s390] uaccess: missing sacf in uaccess error handling (Hendrik Brueckner) [670234]\n- [x86_64] nmi_watchdog: modify default to perf counter 1 (Don Zickus) [633196 659816]\n- [net] qlcnic: Remove validation for max tx and max rx queues (Chad 
Dupuis) [660390]\n- [net] qlcnic: fix checks for auto_fw_reset (Chad Dupuis) [660390]\n- [net] qlcnic: change module parameter permissions (Chad Dupuis) [660390]\n- [net] qlcnic: fix ethtool diagnostics test (Chad Dupuis) [660390]\n- [net] qlcnic: fix flash fw version read (Chad Dupuis) [660390]\n- [net] qlcnic: Use static const (Chad Dupuis) [660390]\n- [net] qlcnic: reset pci function unconditionally during probe (Chad Dupuis) [660390]\n- [net] qlcnic: fix ocm window register offset calculation (Chad Dupuis) [660390]\n- [net] qlcnic: fix LED test when interface is down. (Chad Dupuis) [660390]\n- [net] qlcnic: Updated driver version to 5.0.13 (Chad Dupuis) [660390]\n- [net] qlcnic: LICENSE file for qlcnic (Chad Dupuis) [660390]\n- [net] qlcnic: validate eswitch config values for PF (Chad Dupuis) [660390]\n- [net] qlcnic: Disable loopback support (Chad Dupuis) [660390]\n- [net] qlcnic: Bumped up driver version to 5.0.12 (Chad Dupuis) [660390]\n- [net] qlcnic: lro module parameter (Chad Dupuis) [660390]\n- [net] qlcnic: Fix driver hang while using qcc application (Chad Dupuis) [660390]\n- [net] qlcnic: lro off message log from set rx checsum (Chad Dupuis) [660390]\n- [net] qlcnic: Add description for CN1000Q adapter (Chad Dupuis) [660390]\n- [net] qlcnic: Allow minimum bandwidth of zero (Chad Dupuis) [660390]\n- [net] qlcnic: fix panic on load (Chad Dupuis) [660390]\n- [net] qlcnic: define valid vlan id range (Chad Dupuis) [660390]\n- [net] qlcnic: reduce rx ring size (Chad Dupuis) [660390]\n- [net] qlcnic: fix mac learning (Chad Dupuis) [660390]\n- [net] qlcnic: update ethtool stats (Chad Dupuis) [660390]\n- [net] qlcnic: update driver version 5.0.11 (Chad Dupuis) [660390]\n- [net] qlcnic: change all P3 references to P3P (Chad Dupuis) [660390]\n- [net] qlcnic: fix promiscous mode for VF (Chad Dupuis) [660390]\n- [net] qlcnic: fix board description (Chad Dupuis) [660390]\n- [net] qlcnic: remove private LRO flag (Chad Dupuis) [660390]\n- [net] qlcnic: support 
quiescent mode (Chad Dupuis) [660390]\n- [net] qlcnic: remove dead code (Chad Dupuis) [660390]\n- [net] qlcnic: set mtu lower limit (Chad Dupuis) [660390]\n- [net] qlcnic: cleanup port mode setting (Chad Dupuis) [660390]\n- [net] qlcnic: sparse warning fixes (Chad Dupuis) [660390]\n- [net] qlcnic: fix vlan TSO on big endian machine (Chad Dupuis) [660390]\n- [net] qlcnic: fix endianess for lro (Chad Dupuis) [660390]\n- [net] qlcnic: fix diag register (Chad Dupuis) [660390]\n- [net] qlcnic: fix eswitch stats (Chad Dupuis) [660390]\n- [net] qlcnic: fix internal loopback test (Chad Dupuis) [660390]\n- [net] qlcnic: return operator cleanup (Chad Dupuis) [660390]\n- [net] qlcnic: dont set skb->truesize (Chad Dupuis) [660390]\n- [net] qlcnic: dont assume NET_IP_ALIGN is 2 (Chad Dupuis) [660390]\n- [net] qlcnic: update version 5.0.10 (Chad Dupuis) [660390]\n- [net] qlcnic: remove fw version check (Chad Dupuis) [660390]\n- [net] qlcnic: vlan lro support (Chad Dupuis) [660390]\n- [net] qlcnic: vlan gro support (Chad Dupuis) [660390]\n- [net] qlcnic: support vlan rx accleration (Chad Dupuis) [660390]\n- [net] qlcnic: add cksum flag (Chad Dupuis) [660390]\n- [net] qlcnic: mac vlan learning support (Chad Dupuis) [660390]\n- [net] qlcnic: support mac learning (Chad Dupuis) [660390]\n- [net] qlcnic: fix mac override capability (Chad Dupuis) [660390]\n- [net] qlcnic: fix panic while using eth_hdr (Chad Dupuis) [660390]\n- [net] qlcnic: fix mac anti spoof policy (Chad Dupuis) [660390]\n- [net] qlcnic: fix for setting default eswitch config (Chad Dupuis) [660390]\n- [net] qlcnic: fix mac addr read (Chad Dupuis) [660390]\n- [net] qlcnic: add api version in reg dump (Chad Dupuis) [660390]\n- [net] qlcnic: backout firmware initialization update (Chad Dupuis) [660390]\n- [net] qlnic: fix a race in qlcnic_get_stats (Chad Dupuis) [660390]\n- [net] qlcnic: PCI ID addition (Chad Dupuis) [660390]\n- [net] qlcnic: Fix driver load issue in FW hang (Chad Dupuis) [660390]\n- [net] qlcnic: change 
reg name (Chad Dupuis) [660390]\n- [net] qlcnic: fix fw recovery for PF (Chad Dupuis) [660390]\n- [net] qlcnic: support port vlan id (Chad Dupuis) [660390]\n- [net] qlcnic: eswitch config fixes (Chad Dupuis) [660390]\n- [net] qlcnic: update version 5.0.8 (Chad Dupuis) [660390]\n- [net] qlcnic: rom lock recovery (Chad Dupuis) [660390]\n- [net] qlcnic: firmware initialization update (Chad Dupuis) [660390]\n- [net] qlcnic: fix endiness in eswitch statistics (Chad Dupuis) [660390]\n- [net] qlcnic: mark device state as failed (Chad Dupuis) [660390]\n- [net] qlcnic: fix npar state (Chad Dupuis) [660390]\n- [net] qlcnic: support anti mac spoofing (Chad Dupuis) [660390]\n- [net] qlcnic: configure offload setting on eswitch (Chad Dupuis) [660390]\n- [net] qlcnic: configure port on eswitch (Chad Dupuis) [660390]\n- [net] qlcnic: replace magic numbers with defines (Chad Dupuis) [660390]\n- [net] qlcnic: remove unused code (Chad Dupuis) [660390]\n- [net] qlcnic: fix inconsistent lock state (Chad Dupuis) [660390]\n- [net] qlcnic: Use available error codes (Chad Dupuis) [660390]\n- [net] qlcnic: turn off lro when rxcsum is disabled (Chad Dupuis) [660390]\n- [net] qlcnic: fix link diag test (Chad Dupuis) [660390]\n- [net] qlcnic: fix link status message (Chad Dupuis) [660390]\n- [net] qlcnic: add eswitch statistics support (Chad Dupuis) [660390]\n- [net] qlcnic: fix for setting function modes (Chad Dupuis) [660390]\n- [net] qlcnic: device state management fixes for virtual func (Chad Dupuis) [660390]\n- [net] qlcnic: fix aer for virtual func (Chad Dupuis) [660390]\n- [net] qlcnic: using too much stack (Chad Dupuis) [660390]\n- [net] qlcnic: clean up qlcnic_init_pci_info (Chad Dupuis) [660390]\n- [net] qlcnic: fix copyright for pci searching function (Chad Dupuis) [660390]\n- [net] netxen: support for GbE port settings (Chad Dupuis) [660437]\n- [net] netxen: Notify firmware of Flex-10 interface down (Chad Dupuis) [660437]\n- [net] netxen: update driver version 4.0.75 (Chad Dupuis) 
[660437]\n- [net] netxen: enable LRO based on NETIF_F_LRO (Chad Dupuis) [660437]\n- [net] netxen: update module description (Chad Dupuis) [660437]\n- [net] netxen: Use static const (Chad Dupuis) [660437]\n- [net] netxen: remove unused firmware exports (Chad Dupuis) [660437]\n- [net] netxen: Fix tx queue manipulation bug in netxen_nic_probe (Chad Dupuis) [660437]\n- [net] netxen: make local function static (Chad Dupuis) [660437]\n- [net] netxen: mask correctable error (Chad Dupuis) [660437]\n- [net] netxen: fix race in tx stop queue (Chad Dupuis) [660437]\n- [net] netxen: return operator cleanup (Chad Dupuis) [660437]\n- [net] netxen: dont set skb->truesize (Chad Dupuis) [660437]\n[2.6.18-251.el5]\n- [net] benet: Bump up the version number (Ivan Vecera) [660389]\n- [net] benet: Copyright notice change. Update to Emulex instead of ServerEngines (Ivan Vecera) [660389]\n- [net] benet: Fix UDP packet detected status in RX compl (Ivan Vecera) [660389]\n- [net] benet: changes for BE3 native mode support (Ivan Vecera) [660389]\n- [net] benet: Add multicast filter capability for Lancer (Ivan Vecera) [660389]\n- [net] benet: Disarm CQ and EQ to disable interrupt in Lancer (Ivan Vecera) [660389]\n- [net] benet: Remove TX Queue stop in close (Ivan Vecera) [660389]\n- [net] benet: Change f/w command versions for Lancer (Ivan Vecera) [660389]\n- [net] benet: Add error recovery during load for Lancer (Ivan Vecera) [660389]\n- [net] benet: Checksum field valid only for TCP/UDP (Ivan Vecera) [660389]\n- [net] benet: Remove ERR compl workaround for Lancer (Ivan Vecera) [660389]\n- [net] benet: use GFP_KERNEL allocations when possible (Ivan Vecera) [660389]\n- [net] benet: use hba_port_num instead of port_num (Ivan Vecera) [660389]\n- [net] benet: add code to display temperature of ASIC (Ivan Vecera) [660389]\n- [net] benet: fix to ignore transparent vlan ids wrongly indicated by NIC (Ivan Vecera) [660389]\n- [net] benet: variable name change (Ivan Vecera) [660389]\n- [net] benet: 
fixes in ethtool selftest (Ivan Vecera) [660389]\n- [net] benet: add new counters to display via ethtool stats (Ivan Vecera) [660389]\n- [net] benet: restrict WOL to PFs only. (Ivan Vecera) [660389]\n- [net] benet: detect a UE even when a interface is down. (Ivan Vecera) [660389]\n- [net] benet: gracefully handle situations when UE is detected (Ivan Vecera) [660389]\n- [net] benet: fix be_suspend/resume/shutdown (Ivan Vecera) [660389]\n- [net] benet: pass proper hdr_size while flashing redboot. (Ivan Vecera) [660389]\n- [net] benet: Fix broken priority setting when vlan tagging is enabled. (Ivan Vecera) [660389]\n- [net] benet: Allow VFs to call be_cmd_reset_function. (Ivan Vecera) [660389]\n- [net] benet: pass domain numbers for pmac_add/del functions (Ivan Vecera) [660389]\n- [net] benet: For the VF MAC, use the OUI from current MAC address (Ivan Vecera) [660389]\n- [net] benet: Cleanup the VF interface handles (Ivan Vecera) [660389]\n- [net] benet: call be_vf_eth_addr_config() after register_netdev (Ivan Vecera) [660389]\n- [net] benet: Initialize and cleanup sriov resources only if pci_enable_sriov has succeeded. (Ivan Vecera) [660389]\n- [net] benet: Use domain id when be_cmd_if_destroy is called. (Ivan Vecera) [660389]\n- [net] benet: Avoid null deref in be_cmd_get_seeprom_data (Ivan Vecera) [660389]\n- [net] benet: use device model DMA API (Ivan Vecera) [660389]\n- [net] benet: remove netif_stop_queue being called before register_netdev. 
(Ivan Vecera) [660389]\n- [net] benet: fix a crash seen during insmod/rmmod test (Ivan Vecera) [660389]\n- [net] benet: Use static const (Ivan Vecera) [660389]\n- [net] benet: use mutex instead of spin lock for mbox_lock (Ivan Vecera) [660389]\n- [net] benet: Handle out of buffer completions for lancer (Ivan Vecera) [660389]\n- [net] benet: FW init cmd fix for lancer (Ivan Vecera) [660389]\n- [net] benet: Fix be_dev_family_check() return value check (Ivan Vecera) [660389]\n- [net] benet: Fix too optimistic NETIF_F_HW_CSUM features (Ivan Vecera) [660389]\n- [net] benet: adding support for Lancer family of CNAs (Ivan Vecera) [660389]\n- [net] benet: remove dead code (Ivan Vecera) [660389]\n- [net] benet: Changes to use only priority codes allowed by f/w (Ivan Vecera) [660389]\n- [net] benet: add multiple RX queue support (Ivan Vecera) [660389]\n- [net] benet: fix tx completion polling (Ivan Vecera) [660389]\n- [net] benet: use Rx and Tx queues like upstream (Ivan Vecera) [660389]\n- [net] benet: return operator cleanup (Ivan Vecera) [660389]\n- [net] benet: fix a bug in UE detection logic (Ivan Vecera) [660389]\n- [net] benet: fix net-snmp error because of wrong packet stats (Ivan Vecera) [660389]\n- [net] benet: stats for packets received due to internal switching in ASIC. (Ivan Vecera) [660389]\n- [net] benet: fix to avoid sending get_stats request if one is already being processed. (Ivan Vecera) [660389]\n- [net] benet: change to show correct physical link status (Ivan Vecera) [660389]\n- [net] benet: add code to dump registers for debug (Ivan Vecera) [660389]\n- [net] benet: bump the driver version number (Ivan Vecera) [660389]\n- [net] benet: variable name changes (Ivan Vecera) [660389]\n- [net] benet: supress printing error when mac query fails for VF (Ivan Vecera) [660389]\n- [net] benet: Patch to determine if function is VF while running in guest OS. 
(Ivan Vecera) [660389]\n- [net] benet: enable ipv6 tso support (Ivan Vecera) [660389]\n- [net] benet: fix typos concerning management (Ivan Vecera) [660389]\n- [net] benet: Remove unnecessary returns from void functions (Ivan Vecera) [660389]\n- [net] benet: use skb_headlen() (Ivan Vecera) [660389]\n- [net] benet: clarify promiscuous cmd with a comment (Ivan Vecera) [660389]\n- [net] benet: Fix compile warnnings in drivers/net/benet/be_ethtool.c (Ivan Vecera) [660389]\n- [net] ixgbe: update to upstream version 3.2.9-k2 (Andy Gospodarek) [568312 568557 570366 571254 651467 653236 653359 653469 655022]\n- [misc] vlan: Add function to get EtherType from vlan packets (Andy Gospodarek) [568312 568557 570366 571254 651467 653236 653359 653469 655022]\n- [net] support for NETIF_F_HIGHDMA on vlan interfaces (Andy Gospodarek) [568312 568557 570366 571254 651467 653236 653359 653469 655022]\n- [scsi] bnx2i: Updated to version 2.6.2.3 (Mike Christie) [660406]\n- [scsi] bnx2i: Updated version to 2.6.2.2 (Mike Christie) [660406]\n- [scsi] bnx2i: Added iSCSI text pdu support for iSCSI offload (Mike Christie) [660406]\n- [scsi] bnx2i: Added jumbo MTU support for the no shost case (Mike Christie) [660406]\n- [scsi] bnx2i: Added support for the 57712(E) devices (Mike Christie) [660406]\n- [scsi] bnx2i: Added handling for unsupported iSCSI offload hba (Mike Christie) [660406]\n- [scsi] bnx2i: Fixed the 32-bit swapping of the LUN field for nopouts for 5771X (Mike Christie) [660406]\n- [scsi] bnx2i: Allow ep CONNECT_FAILED condition to go through proper cleanup (Mike Christie) [660406]\n- [scsi] bnx2i: Added reconnect fix connecting against Lefthand targets (Mike Christie) [660406]\n- [scsi] bnx2i: Cleaned up various error conditions in ep_connect/disconnect (Mike Christie) [660406]\n- [scsi] bnx2i: Added return code check for chip kwqe submission request (Mike Christie) [660406]\n- [scsi] bnx2i: Modified the bnx2i stop path to compensate for in progress ops (Mike Christie) 
[660406]\n- [scsi] bnx2i: Removed the dynamic registration of CNIC (Mike Christie) [660406]\n- [scsi] bnx2i: Added mutex lock protection to conn_get_param (Mike Christie) [660406]\n- [net] cnic: Fix lost interrupt on bnx2x (Mike Christie) [660430]\n- [net] cnic: Prevent status block race conditions with hardware (Mike Christie) [660430]\n- [net] bnx2x, cnic: Consolidate iSCSI/FCoE shared mem logic in bnx2x (Mike Christie) [660430]\n- [net] cnic: Fix the type field in SPQ messages (Mike Christie) [660430]\n- [net] cnic: Do not call bnx2i when bnx2i is calling cnic_unregister_driver() (Mike Christie) [660430]\n- [net] cnic: Do not allow iSCSI and FCoE on bnx2x multi-function mode (Mike Christie) [660430]\n- [net] cnic: fix mem leak on alloc fail in cnic_alloc_uio_rings (Mike Christie) [660430]\n- [net] cnic: Add FCoE support on 57712 (Mike Christie) [660430]\n- [net] cnic: Add kcq2 support on 57712 (Mike Christie) [660430]\n- [net] cnic: Call cm_connect_complete() immediately on error (Mike Christie) [660430]\n- [net] cnic: Check device state before reading the kcq pointer in IRQ (Mike Christie) [660430]\n- [net] cnic: Support NIC Partition mode (Mike Christie) [660430]\n- [net] cnic: Use proper client and connection IDs on iSCSI ring (Mike Christie) [660430]\n- [net] cnic: Improve ->iscsi_nl_msg_send() (Mike Christie) [660430]\n- [net] cnic: Prevent 'scheduling while atomic' when calling ->cnic_init() (Mike Christie) [660430]\n- [net] cnic: Fix iSCSI TCP port endian order. 
(Mike Christie) [660430]\n- [net] cnic: Remove unnecessary semicolons (Mike Christie) [660430]\n- [net] cnic: Add support for 57712 device (Mike Christie) [660430]\n- [net] cnic: Decouple uio close from cnic shutdown (Mike Christie) [660430]\n- [net] cnic: Add cnic_uio_dev struct (Mike Christie) [660430]\n- [net] cnic: Add cnic_free_uio() (Mike Christie) [660430]\n- [net] cnic: Defer iscsi connection cleanup (Mike Christie) [660430]\n- [net] cnic: Add cnic_bnx2x_destroy_ramrod() (Mike Christie) [660430]\n- [net] cnic: Convert ctx_flags to bit fields (Mike Christie) [660430]\n- [net] cnic: Add common cnic_request_irq() (Mike Christie) [660430]\n- [net] bnx2x, cnic: Fix SPQ return credit (Mike Christie) [660430]\n- [char] Enable and extend Legacy PTY support for 4096 device pairs (Mauro Carvalho Chehab) [582776]\n- [fs] ioctl: make fiemap map at least a blocksize amount (Josef Bacik) [663041]\n- [net] forcedeth/r8169: call netif_carrier_off at end of probe (Ivan Vecera) [664705 664707]\n- [net] ixgbevf: update to upstream version 2.0.0-k2 (Andy Gospodarek) [653237]\n- [net] e1000e: update to upstream version 1.3.10 (Andy Gospodarek) [653242 653548]\n- [x86] amd: Extend support to future families (Frank Arnold) [682835]\n- [x86] smpboot: Use compute unit info to determine thread siblings (Frank Arnold) [682835]\n- [x86] amd: Extract compute unit information for AMD CPUs (Frank Arnold) [682835]\n- [x86] amd: Add support for CPUID topology extension of AMD CPUs (Frank Arnold) [682835]\n- [x86] cpufeature: Update AMD CPUID feature bits (Frank Arnold) [682835]\n- [x86_64] Support NMI watchdog on newer AMD CPU families (Frank Arnold) [682835]\n- [net] ixgbe: fix for 82599 erratum on Header Splitting (Andy Gospodarek) [680531]\n- [net] ixgbe: limit VF access to network traffic (Andy Gospodarek) [680531]\n- [net] igbvf driver update for RHEL5.7 (Stefan Assmann) [653241]\n- [fs] ext3: Always set dx_nodes fake_dirent explicitly (Eric Sandeen) [662838]\n- [virt] xen/netback: 
signal front-end close event via udev (Paolo Bonzini) [661985]\n- [net] bnx2x: fix swap of rx-ticks and tx-ticks parameters in interrupt coalescing flow (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix MaxBW configuration (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: (NPAR) prevent HW access in D3 state (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix link notification (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix non-pmf device load flow (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update driver version to 1.62.00-6 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: properly calculate lro_mss (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: perform statistics 'action' before state transition. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: properly configure coefficients for MinBW algorithm (NPAR mode). (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix ethtool -t link test for MF (non-pmf) devices. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix nvram test for single port devices. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: (NPAR mode) Fix FW initialization (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add a missing bit for PXP parity register of 57712. 
(Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Duplication in promisc mode (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: multicasts in NPAR mode (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update bnx2x version to 1.62.00-5 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix potential link loss in multi-function mode (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix port swap for BCM8073 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix LED blink rate on BCM84823 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Remove setting XAUI low-power for BCM8073 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update bnx2x version to 1.62.00-4 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix AER setting for BCM57712 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix BCM84823 LED behavior (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Mark full duplex on some external PHYs (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix BCM8073/BCM8727 microcode loading (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: LED fix for BCM8727 over BCM57712 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Common init will be executed only once after POR (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Swap BCM8073 PHY polarity if required (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix typos (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix the race on bp->stats_pending. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Move to D0 before clearing MSI/MSI-X configuration. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: registers dump fixes (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Dont prevent RSS configuration in INT#x and MSI interrupt modes. 
(Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: adding dcbnl support (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use static const (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove bogus check (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update version to 1.62.00-2 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update firmware to 6.2.5.0 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: bnx2x_request_firmware update for 6.2.5.0 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: replace FW to 6.2.5 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add DCB/PFC support - link layer (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: add DCB support (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Disable FCoE ring, NETDEV_HW_ADDR_T_SAN for RHEL5.7. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: add FCoE ring (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update version number and a date. 
(Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fixed a compilation warning (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use dma_alloc_coherent() semantics for ILT memory allocation (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: LSO code was broken on BE platforms (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add Nic partitioning mode (57712 devices) (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use helpers instead of direct access to the shinfo(skb) fields (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Do interrupt mode initialization and NAPIs adding before register_netdev() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Disable local BHes to prevent a dead-lock situation (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix error value sign (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Remove unnecessary semicolons (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update version number (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Reset 8073 phy during common init (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Do not enable CL37 BAM unless it is explicitly enabled (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix resetting BCM8726 PHY during common init (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Clear latch indication on link reset (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix port selection in case of E2 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix waiting for reset complete on BCM848x3 PHYs (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Restore appropriate delay during BMAC reset (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: make local function static and remove dead code (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove BCM_VLAN (Michal 
Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Dont check for vlan group before vlan_tx_tag_present. (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update version to 1.60.00-3 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: prevent false parity error in MSI-X memory of HC block (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: fix possible deadlock in HC hw block (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update version to 1.60.00-2 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove unnecessary FUNC_FLG_RSS flag and related (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use correct FW constant for header padding (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: do not deal with power if no capability (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove redundant commands during error handling (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Optimized the branching in the bnx2x_rx_int() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fixing a typo: added a missing RSS enablement (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: update version to 1.60.00-1 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: properly initialize FW stats (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: code beautify (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix SPQ return credit (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: move msix table initialization to probe() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: use L1_CACHE_BYTES instead of magic number (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove unused fields in main driver structure (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove unused parameter in reuse_rx_skb() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add 
57712 support (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: change type of spq_left to atomic (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Protect statistics ramrod and sequence number (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: rename MF related fields (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: firmware naming from upstream (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: whitespaces like in upstream, remove some #if0 lines (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: use netdev_for_each_mc_addr (Michal Schmidt) [629609 651546 653357 656360]\n- [misc] netdevice.h: add netdev_mc_count (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: use trivial wrappers around get_sset_count (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove a few pointless differences from upstream (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: bnx2x_alloc_napi cleanup, caller more similar to upstream (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: remove bnx2x_init_values.h (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x, cnic, bnx2i: use new FW/HSI (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Moved enabling of MSI to the bnx2x_set_num_queues() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Use netif_set_real_num_{rx, tx}_queues() (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: return operator cleanup (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Spread rx buffers between allocated queues (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: use ARRAY_SIZE macro in bnx2x_main.c (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update bnx2x version to 1.52.53-6 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Change LED scheme for dual-media (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add 
dual-media changes (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Organize PHY functions (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Apply logic changes for the new scheme (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Move common function into aggregated function (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Adjust flow-control with the new scheme (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Adjust alignment of split PHY functions (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Split PHY functions (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Unify PHY attributes (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: avoid skb->ip_summed initialization (Michal Schmidt) [629609 651546 653357 656360]\n- [net] skbuff: add skb_checksum_none_assert (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Update version to 1.52.53-5 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Add BCM84823 to the supported PHYs (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Change BCM848xx LED configuration (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Remove unneeded setting of XAUI low power to BCM8727 (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Change BCM848xx configuration according to IEEE (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Reset link before any new link settings (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix potential link issue In BCM8727 based boards (Michal Schmidt) [629609 651546 653357 656360]\n- [net] bnx2x: Fix potential link issue of BCM8073/BCM8727 (Michal Schmidt) [629609 651546 653357 656360]\n- Revert: [net] bnx2x: force interrupt mode for iscsi unset mac (Michal Schmidt) [629609 651546 653357 656360]\n- [net] ipv4: make accept_local writeable for loopback (Neil Horman) [672570]\n- [net] bnx2: Update to latest upstream for 
RHEL5.7 (Neil Horman) [651438 660375]\n- [pci] backport common vpd support functions (Neil Horman) [683978]\n- [net] e1000: fix sparse warning (Dean Nelson) [571889 653248 653546]\n- [net] e1000: add support for Marvell Alaska M88E1118R PHY (Dean Nelson) [571889 653248 653546]\n- [net] e1000: Add support for the CE4100 reference platform (Dean Nelson) [571889 653248 653546]\n- [net] e1000: fix return value not set on error (Dean Nelson) [571889 653248 653546]\n- [net] e1000: fix Tx hangs by disabling 64-bit DMA (Dean Nelson) [571889 653248 653546]\n- [net] e1000: allow option to limit number of descriptors down to 48 per ring (Dean Nelson) [571889 653248 653546]\n- [net] e1000: Use new function for copybreak tests (Dean Nelson) [571889 653248 653546]\n- [net] e1000: do not modify tx_queue_len on link speed change (Dean Nelson) [571889 653248 653546]\n- [net] e1000: Fix DMA mapping error handling on RX (Dean Nelson) [571889 653248 653546]\n- [net] e1000: call pci_save_state after pci_restore_state (Dean Nelson) [571889 653248 653546]\n- [net] e1000: dont use small hardware rx buffers (Dean Nelson) [571889 653248 653546]\n- [fs] gfs2: directly write blocks past i_size (Benjamin Marzinski) [684371]\n- [fs] gfs2: fix block allocation check for fallocate (Benjamin Marzinski) [684024]\n- [redhat] spec: trim srpm size and vastly improve prep time (Jarod Wilson) [687950]\n[2.6.18-250.el5]\n- [block] cciss: use short tags where supported (Tomas Henzl) [656343]\n- [block] cciss: Fix memory leak in cciss_sysfs_stat_inquiry (Tomas Henzl) [656343]\n- [block] cciss: do not reorder commands in internal queue (Tomas Henzl) [656343]\n- [block] cciss: add another controller 0x103C3356 (Tomas Henzl) [656343]\n- [block] cciss: fix panic in cciss_revalidate (Tomas Henzl) [656343]\n- [block] cciss: Do not remove /proc entry if we never created it (Tomas Henzl) [656343]\n- [block] cciss: do not leak stack to userland (Tomas Henzl) [656343]\n- [block] cciss: catch kmalloc failure of 
h->scatter_list (Tomas Henzl) [656343]\n- [block] cciss: fix missed command status value CMD_UNABORTABLE (Tomas Henzl) [656343]\n- [block] cciss: remove ifdefed out interrupt_not_for_us (Tomas Henzl) [656343]\n- [block] cciss: change printks to dev_warn (Tomas Henzl) [656343]\n- [block] cciss: use consistent variable names (Tomas Henzl) [656343]\n- [block] cciss: mark performant mode function as __devinit (Tomas Henzl) [656343]\n- [block] cciss: cleanup some debug ifdefs (Tomas Henzl) [656343]\n- [block] cciss: fix leak of ioremapped memory in init error path (Tomas Henzl) [656343]\n- [block] cciss: Fix panic in multipath configurations (Tomas Henzl) [656343]\n- [message] mptfusion: version update to 3.04.18rh (Tomas Henzl) [662160]\n- [message] mptfusion: Incorrect return value in mptscsih_dev_reset (Tomas Henzl) [662160]\n- [message] mptfusion: remove bus reset (Tomas Henzl) [662160]\n- [message] mptfusion: 3gbps - 6gbps (Tomas Henzl) [662160]\n- [message] mptfusion: sysfs sas addr handle (Tomas Henzl) [662160]\n- [message] mptfusion: Fix 32 bit platforms with 64 bit resources (Tomas Henzl) [662160]\n- [message] mptfusion: use module_param correctly (Tomas Henzl) [662160]\n- [message] mptfusion: Adjust confusing if indentation (Tomas Henzl) [662160]\n- [message] mptfusion: print Doorbell reg on hard reset and timeout (Tomas Henzl) [662160]\n- [message] mptfusion: Cleanup some duplicate calls in mptbase.c (Tomas Henzl) [662160]\n- [message] mptfusion: Extra DMD error handling debug prints (Tomas Henzl) [662160]\n- [message] mptfusion: block errors if deleting devices or DMD (Tomas Henzl) [662160]\n- [message] mptfusion: add ioc_reset_in_progress reset in SoftReset (Tomas Henzl) [662160]\n- [message] mptfusion: handle SATA hotplug failure (Tomas Henzl) [662160]\n- [message] mptfusion: schedule_target_reset from all Reset context (Tomas Henzl) [662160]\n- [message] mptfusion: sanity check for device before adding to OS (Tomas Henzl) [662160]\n- [message] mptfusion: 
fix declaration of device_missing_delay (Tomas Henzl) [662160]\n- [message] mptfusion: DID_TRANSPORT_DISRUPTED, not DID_BUS_BUSY (Tomas Henzl) [662160]\n- [message] mptfusion: Set fw_events_off to 1 at driver load time (Tomas Henzl) [662160]\n- [scsi] mpt2sas: version change to 08.101.00.00 (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Call _scsih_ir_shutdown before reporting to OS (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Basic Code Cleanup in mpt2sas_base (Tomas Henzl) [662153]\n- [scsi] mpt2sas: fix access to freed memory from port enable (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Fix race between broadcast asyn event (Tomas Henzl) [662153]\n- [scsi] mpt2sas: support for Customer specific branding messages (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Revision P MPI Header Update (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Correct resizing calculation for max_queue_depth (Tomas Henzl) [662153]\n- [scsi] mpt2sas: device reset event not supported on old firmware (Tomas Henzl) [662153]\n- [scsi] mpt2sas: fix device removal handshake with vacant bit set (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Debug string changes from target to device (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Remove code for TASK_SET_FULL from driver (Tomas Henzl) [662153]\n- [scsi] mpt2sas: MPI2.0 Header updated (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Modify code to support Expander switch (Tomas Henzl) [662153]\n- [scsi] mpt2sas: create pool of chain buffers for IO (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add loadtime params for IOMissingDelay and params (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add sanity check for cb_idx and smid access (Tomas Henzl) [662153]\n- [scsi] mpt2sas: remov compiler warnnings when logging is disabled (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Copy message frame before releasing (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Copy sense buffer to work on it (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Add message to error escalation callback (Tomas Henzl) [662153]\n- [scsi] mpt2sas: 
Add check for responding volumes after Host Reset (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add ENOMEM return type when allocation fails (Tomas Henzl) [662153]\n- [scsi] mpt2sas: device event handling using pd_handles per HBA (Tomas Henzl) [662153]\n- [scsi] mpt2sas: Tie a log info message to a specific PHY (Tomas Henzl) [662153]\n- [scsi] mpt2sas: print level KERN_DEBUG is replaced by KERN_INFO (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add sysfs support for tracebuffer (Tomas Henzl) [662153]\n- [scsi] mpt2sas: MPI header version N is updated (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add sysfs counter for ioc reset (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add expander phy control support (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add expander phy counter support (Tomas Henzl) [662153]\n- [scsi] mpt2sas: add disable_discovery module parameter (Tomas Henzl) [662153]\n- [scsi] mpt2sas: dont reset when another reset is in progress (Tomas Henzl) [662153]\n- [net] ip_conntrack_ftp: fix tracking of sequence numbers (Thomas Graf) [642388]\n- [fs] gfs2: add missing unlock_page in gfs2_write_begin (Steven Whitehouse) [684795]\n- [powerpc] numa: improved kABI breakage fix in paca struct (Steve Best) [651167]\n- [fs] gfs2: Make delayed workqueues submit immediately if delay 0 (Robert S Peterson) [650494]\n- [fs] gfs2: improve performance with bouncing locks in a cluster (Robert S Peterson) [650494]\n- [net] s2io: rx_ring_sz bounds checking (Michal Schmidt) [491786]\n- [net] s2io: resolve statistics issues (Michal Schmidt) [598650]\n- [scsi] iscsi: use kmap instead of kmap_atomic (Mike Christie) [672115]\n- [block] reduce stack footprint of blk_recount_segments() (Jeff Moyer) [638988]\n- [block] fix nr_phys_segments miscalculation bug (Jeff Moyer) [638988]\n- [block] raid fixups for removal of bi_hw_segments (Jeff Moyer) [638988]\n- [block] drop vmerge accounting (Jeff Moyer) [638988]\n- [block] drop virtual merging accounting (Jeff Moyer) [638988]\n- [block] Introduce 
rq_for_each_segment replacing rq_for_each_bio (Jeff Moyer) [638988]\n- [block] Merge blk_recount_segments into blk_recalc_rq_segments (Jeff Moyer) [638988]\n- [fs] Fix over-zealous flush_disk changing device size (Jeff Moyer) [678359]\n- [fs] lockd: make lockd_down wait for lockd to come down (Jeff Layton) [653286]\n- [net] sunrpc: Dont disconnect if connection in progress (Jeff Layton) [680329]\n- [fs] fix block based fiemap (Josef Bacik) [675986]\n- [fs] proc: protect mm start_/end_code in /proc/pid/stat (Eugene Teo) [684571] {CVE-2011-0726}\n- [net] dccp: fix oops in dccp_rcv_state_process (Eugene Teo) [682956] {CVE-2011-1093}\n- [scsi] libsas: fix bug for vacant phy (David Milburn) [676423]\n- [scsi] libsas: do not set res = 0 in sas_ex_discover_dev (David Milburn) [676423]\n- [scsi] libsas: fix wide port hotplug issues (David Milburn) [676423]\n- [scsi] libsas: fixup kABI breakage (David Milburn) [676423]\n- [scsi] libsas: no commands to hot-removed devices (David Milburn) [676423]\n- [scsi] libsas: transport-level facility to req SAS addrs (David Milburn) [676423]\n- [scsi] libsas: misc fixes to the eh path (David Milburn) [676423]\n- [scsi] libsas: correctly flush LU queue on error recovery (David Milburn) [676423]\n- [scsi] libsas: fix error handling (David Milburn) [676423]\n- [scsi] libsas: fix sense_buffer overrun (David Milburn) [676423]\n- [scsi] libsas: reuse orig port hotplugging phys wide port (David Milburn) [676423]\n- [scsi] libsas: fix NCQ mixing with non-NCQ (David Milburn) [676423]\n- [scsi] libsas: fix endianness bug in sas_ata (David Milburn) [676423]\n- [scsi] libsas: dont use made up error codes (David Milburn) [676423]\n- [net] bluetooth: fix bnep buffer overflow (Don Howard) [681319] {CVE-2011-1079}\n- [pci] intel-iommu: Fix get_domain_for_dev() error path (Alex Williamson) [688646]\n- [pci] intel-iommu: Unlink domain from iommu (Alex Williamson) [688646]\n- [redhat] spec: assorted cleanup and streamlining\n[2.6.18-249.el5]\n- [md] 
dm-mpath: avoid storing private suspended state (Mike Snitzer) [678670]\n- [md] dm-mpath: reject messages when device is suspended (Mike Snitzer) [678670]\n- [md] dm: export suspended state to targets (Mike Snitzer) [678670]\n- [md] dm: rename dm_suspended to dm_suspended_md (Mike Snitzer) [678670]\n- [md] dm: swap postsuspend call and setting suspended flag (Mike Snitzer) [678670]\n- [md] dm-ioctl: retrieve status from inactive table (Mike Snitzer) [678670]\n- [md] dm: rename dm_get_table to dm_get_live_table (Mike Snitzer) [678670]\n- [md] dm-stripe: avoid div by 0 with invalid stripe count (Mike Snitzer) [678670]\n- [md] dm-ioctl: forbid messages to devices being deleted (Mike Snitzer) [678670]\n- [md] dm: add dm_deleting_md function (Mike Snitzer) [678670]\n- [md] dm: dec_pending needs locking to save error value (Mike Snitzer) [678670]\n- [md] dm-raid1: keep retrying alloc if mempool_alloc fails (Mike Snitzer) [678670]\n- [md] dm-table: fix upgrade mode race (Mike Snitzer) [678670]\n- [md] dm-io: respect BIO_MAX_PAGES limit (Mike Snitzer) [678670]\n- [md] dm-ioctl: validate name length when renaming (Mike Snitzer) [678670]\n- [md] dm-log: fix dm_io_client leak on error paths (Mike Snitzer) [678670]\n- [md] dm: avoid destroying table in dm_any_congested (Mike Snitzer) [678670]\n- [md] dm-raid1: fix leakage (Mike Snitzer) [678670]\n- [md] dm-mpath: validate hw_handler argument count (Mike Snitzer) [678670]\n- [md] dm-mpath: validate table argument count (Mike Snitzer) [678670]\n- [md] dm-mpath: fix NULL deref when path parameter missing (Mike Snitzer) [673058]\n- [md] dm-mpath: wait for pg_init completion on suspend (Mike Snitzer) [673058]\n- [md] dm-mpath: hold io until all pg_inits completed (Mike Snitzer) [673058]\n- [md] dm-mpath: skip activate_path for failed paths (Mike Snitzer) [673058]\n- [md] dm-mpath: pass struct pgpath to pg init done (Mike Snitzer) [673058]\n- [md] dm-mpath: prevent io from work queue while suspended (Mike Snitzer) [673058]\n- [md] 
dm-mpath: add mutex to sync adding and flushing work (Mike Snitzer) [673058]\n- [md] dm-mpath: flush workqueues before suspend completes (Mike Snitzer) [673058]\n- [powerpc] numa: Fix kABI breakage in paca struct (Steve Best) [651167]\n- [powerpc] Disable VPHN polling during a suspend operation (Steve Best) [651167]\n- [powerpc] mm: Poll VPA for topo changes, update NUMA maps (Steve Best) [651167]\n- [powerpc] Add VPHN firmware feature (Steve Best) [651167]\nwith external journal (Lukas Czerner) [652321]\n- [fs] nfs: wait for COMMIT RPC complete before task put (Jeff Layton) [441730]\n- [fs] nfs: ->flush and ->fsync should use FLUSH_SYNC (Jeff Layton) [441730]\n- [net] sunrpc: fix race in __rpc_wait_for_completion_task (Jeff Layton) [441730]\n- [fs] nfs: Ensure proper cleanup on rpc_run_task fail (Jeff Layton) [441730]\n- [fs] nfs: clean up the unstable write code (Jeff Layton) [441730]\n- [fs] nfs: Dont use ClearPageUptodate if writeback fails (Jeff Layton) [441730]\n- [fs] nfs: Fix an unstable write data integrity race (Jeff Layton) [441730]\n- [fs] nfs: make sure WRITE and COMMIT are uninterruptible (Jeff Layton) [441730]\n- [fs] nfs: change how FLUSH_STABLE flag is used (Jeff Layton) [441730]\n- [mm] writeback: fix queue handling in blk_congestion_wait (Jeff Layton) [516490]\n- [fs] nfs: clean up nfs congestion control (Jeff Layton) [516490]\n- [block] Add real API for dealing with blk_congestion_wait (Jeff Layton) [516490]\n- [fs] nfs: kswapd must not block in nfs_release_page (Jeff Layton) [516490]\n- [fs] nfs: Prevent another deadlock in nfs_release_page (Jeff Layton) [516490]\n- [fs] nfs: Try commit unstable writes in nfs_release_page (Jeff Layton) [516490]\n- [fs] nfs: Add debugging facility for NFS aops (Jeff Layton) [516490]\n- [fs] nfs: Fix race in nfs_release_page() (Jeff Layton) [516490]\n- [fs] nfs: Fix nfs_release_page (Jeff Layton) [516490]\n- [fs] nfs: reduce number of unnecessary commit calls (Jeff Layton) [516490]\n- [fs] nfs: nfs_writepages() 
cleanup (Jeff Layton) [516490]\n[2.6.18-248.el5]\n- [virt] xen: make more room for event channel IRQs (Paolo Bonzini) [650838]\n- [message] mptfusion: fix msgContext in mptctl_hp_hostinfo (Tomas Henzl) [646513]\n- [net] ipv6: Add GSO support on forwarding path (Thomas Graf) [648572]\n- [net] tc: Ignore noqueue_qdisc default qdisc when dumping (Thomas Graf) [627850]\n- [serial] 8250_pci: add support for PowerPC PLX 8250 (Steve Best) [651431]\n- [scsi] ibmveth: Free irq on error path (Steve Best) [651872]\n- [scsi] ibmveth: Cleanup error handling in ibmveth_open (Steve Best) [651872]\n- [scsi] ibmveth: Remove some unnecessary include files (Steve Best) [651872]\n- [scsi] ibmveth: Convert driver specific assert to BUG_ON (Steve Best) [651872]\n- [scsi] ibmveth: Return -EINVAL on all ->probe errors (Steve Best) [651872]\n- [scsi] ibmveth: Some formatting fixes (Steve Best) [651872]\n- [scsi] ibmveth: Remove redundant function prototypes (Steve Best) [651872]\n- [scsi] ibmveth: Convert to netdev_alloc_skb (Steve Best) [651872]\n- [scsi] ibmveth: Remove dupe checksum offload setup code (Steve Best) [651872]\n- [scsi] ibmveth: Add optional flush of rx buffer (Steve Best) [651872]\n- [scsi] ibmveth: Add scatter-gather support (Steve Best) [651872]\n- [scsi] ibmveth: Add rx_copybreak (Steve Best) [651872]\n- [scsi] ibmveth: Add tx_copybreak (Steve Best) [651872]\n- [scsi] ibmveth: Remove LLTX (Steve Best) [651872]\n- [scsi] ibmveth: batch rx buffer replacement (Steve Best) [651872]\n- [scsi] ibmveth: Remove integer divide caused by modulus (Steve Best) [651872]\n- [fs] gfs2: creating large files suddenly slow to a crawl (Robert S Peterson) [683155]\n- [virt] xen: performance improvement for 32-bit domains (Paolo Bonzini) [390451]\n- [fs] nfs: fix use of slab allocd pages in skb frag list (Neil Horman) [682643] {CVE-2011-1090}\n- [net] af_packet: allow multicast traffic on bond ORIGDEV (Jiri Pirko) [579000]\n- [net] af_packet: option to return orig_dev to userspace (Jiri 
Pirko) [579000]\n- [fs] nfs: back out the FS-Cache patches (Jeff Layton) [631950]\n- [x86_64]: fix section mismatches in kernel setup (Frank Arnold) [683078]\n- [char] tty_audit: fi